Malicious PDF — malware analysis report

Static analysis result for SHA-256 63f03c088a8a6b4f…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-11-23 21:09:40 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 0b5014c568dcf7f00605622274caa7ec
SHA-1: e3cae190340b2971e3103c55499a98a491f31d3a
SHA-256: 63f03c088a8a6b4f9e812abcfb546984b1714b673d613dae11d4dc68ee6b36b8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. While no scripts were explicitly extracted, the ML classifier flagged the PDF as malicious, and the sheer volume of external links suggests a malicious intent, possibly for SEO manipulation or to distribute further malware. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.