Malicious PDF — malware analysis report

Static analysis result for SHA-256 689cc4404bd954b8…

MALICIOUS

PDF

  • Size: 41.3 KB
  • Created: 2018-11-23 21:00:53 +03:00
  • Authoring application: iBooks Author (via Mac OS X 10.9.3 Quartz PDFContext)
  • MD5: edd9ec234f823718071e6fc7eef643e0
  • SHA-1: 0473ba796a982dda51d5f03dac64aecb36850b06
  • SHA-256: 689cc4404bd954b84276bd616957efdca3bcd150c19575c67aac0d07f2139b28
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. This suggests the document is designed to manipulate search engine results or to act as a gateway to a large collection of potentially malicious or unwanted content. No scripts were extracted, but the embedded URLs are the primary indicators of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.