Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d729b364b4f379e…

MALICIOUS

PDF

File size: 41.2 KB
Created: 2018-11-15 19:35:56 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: a777ab74919a0742d3531937203a7eef
SHA-1: dd9848643c267de8875e1f5911a63d8c1c1a4e55
SHA-256: 6d729b364b4f379eaa4f092b573076f73b79d40e67a49bff7510a837424cffa0
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern observed is the distribution of numerous links, likely to manipulate search engine results or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.