Malicious PDF — malware analysis report

Static analysis result for SHA-256 5bf0357a7ba2f082…

MALICIOUS

PDF

39.7 KB Created: 2018-11-30 20:09:02 +03:00 Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: 20602cfa217daab42344ff92f56da8b4 SHA-1: 2499a28717935151801ea56a858bc6c71a0e2da6 SHA-256: 5bf0357a7ba2f082c394e902c16787e9843d6cbf8488496a84dd5181fd7fee5e
100 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document is part of a link farm or SEO manipulation tactic, potentially to drive traffic or distribute malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious with high confidence. While a 'download button' lure was detected, the primary malicious activity appears to be the mass linking.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/my-first-bilingual-book-home-english-urdu.pdf
    • http://www.gorillawalker.com/fast-and-easy-breakfast-recipes-kindle-edition.pdf
    • http://www.gorillawalker.com/mariner-outboards-3-4-6-cylinders-1977-1989-seloc-marine.pdf
    • http://www.gorillawalker.com/the-sailing-doctor.pdf
    • http://www.gorillawalker.com/algebra-1-studentworks-plus-dvd.pdf
    • http://www.gorillawalker.com/darwin-design-and-democracy-news-an-article-from-skeptic-altadena.pdf
    • http://www.gorillawalker.com/fred-hoyle-a-life-in-science.pdf
    • http://www.gorillawalker.com/the-political-identity-of-andrew-marvell.pdf
    • http://www.gorillawalker.com/twyla-tharp-library-of-american-choreographers.pdf
    • http://www.gorillawalker.com/build-your-own-burger-byob.pdf
    • http://www.gorillawalker.com/construction-law-journal-2004.pdf
    • http://www.gorillawalker.com/birdman-of-alcatraz-the-story-of-robert-stroud-gollancz-paperback.pdf
    • http://www.gorillawalker.com/heart-of-the-storm-vol-1-the-genesis-of-the.pdf
    • http://www.gorillawalker.com/not-a-box.pdf
    • http://www.gorillawalker.com/forensic-examination-of-hair-international-forensic-science-and-investigation.pdf
    • http://www.gorillawalker.com/shatter-me.pdf
    • http://www.gorillawalker.com/by-kenneth-falconer-fractals-a-very-short-introduction-very-short.pdf
    • http://www.gorillawalker.com/the-desolate-city-revolution-in-the-catholic-church.pdf
    • http://www.gorillawalker.com/beating-the-sicilian-3.pdf
    • http://www.gorillawalker.com/discrete-choice-methods-with-simulation.pdf
    • http://www.gorillawalker.com/mcdonnell-douglas-f-15-eagle.pdf
    • http://www.gorillawalker.com/accident-and-emergency-radiology-2e.pdf
    • http://www.gorillawalker.com/pspice-for-circuit-theory-and-electronic-devices-synthesis-lectures-on.pdf
    • http://www.gorillawalker.com/hablemos-claro-alcohol-y-drogas-straight-talk-drugs-and-alcohol.pdf
    • http://www.gorillawalker.com/waffen-ss-in-the-west-holland-belgium-france-1940.pdf
    • http://www.gorillawalker.com/dante-s-sacred-poem-flesh-and-the-centrality-of-the.pdf
    • http://www.gorillawalker.com/the-acoustical-foundations-of-music.pdf
    • http://www.gorillawalker.com/introduction-to-mathcad-11-with-mathcad-cd-custom-edition-for.pdf
    • http://www.gorillawalker.com/gesenius-hebrew-and-chaldee-lexicon-to-the-old-testament-scriptures.pdf
    • http://www.gorillawalker.com/touchstone-level-3-workbook.pdf
    • http://www.gorillawalker.com/kringle-street.pdf
    • http://www.gorillawalker.com/50-irish-fiddle-tunes.pdf
    • http://www.gorillawalker.com/mcat-success-chemistry-guide-logarithms-the-ph-scale-kindle-edition.pdf
    • http://www.gorillawalker.com/the-core-program-fifteen-minutes-a-day-that-can-change.pdf
    • http://www.gorillawalker.com/downtown-2-english-for-work-and-life.pdf
    • http://www.gorillawalker.com/en-espa-ol-eedition-cd-rom-5-pack-level-2.pdf
    • http://www.gorillawalker.com/the-shield-maiden-s-revenge-a-viking-novella-the-vikings.pdf
    • http://www.gorillawalker.com/mccall-s-cooking-school-recipe-card-desserts-51-macaroon-bavarian.pdf
    • http://www.gorillawalker.com/nazareth-s-song-millwood-hollow-series-2.pdf
    • http://www.gorillawalker.com/on-prophecy-thru-the-bible.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.