Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c8da7ae74689813…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-12-07 18:27:31 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: fa515b9388f47175001de007239159ff
SHA-1: bd63579b6d83bc0e20edb62848a2870823657dfc
SHA-256: 5c8da7ae74689813faf803ce277eadc88d1c96dab13c05934f0b464c07e43c01
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic identified it as a link farm containing 32 external PDF links. The document body is heavily obfuscated, preventing analysis of its direct content. The primary attack pattern observed is the embedding of a large number of URLs, suggesting a malicious intent to redirect users to potentially harmful sites or for SEO manipulation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.