Malicious PDF — malware analysis report

Static analysis result for SHA-256 67c77defc7909f2e…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-12-02 10:55:39 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Word (via Acrobat Distiller 7.0 (Windows))
MD5: ae3e5f565e8109f232ada0d9eec8036c
SHA-1: ab62d5acb6a1245e5137de83ff4cd47342be2808
SHA-256: 67c77defc7909f2ea08c2e0d4821697724659e00a31efaaf8c0ed847d1d9a3ee
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, triggering the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the creation of a link farm, potentially for SEO manipulation or to distribute a payload via the linked documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.