Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d7cd12b4470624b…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2018-12-28 08:18:56 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: 70f439b62947d531bd97c7a8fa5914a3
SHA-1: 009030d5e2449aa5e452681f7977636b7dccf82a
SHA-256: 6d7cd12b4470624b9eea088068b657431d75aab566247eefd093dcef099e161f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. No scripts were extracted, but the sheer volume of embedded URLs points to an intent to direct users to potentially harmful content or to game search engine results. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/no-human-power-relieving-our-alcoholism.pdf
    • http://www.gorillawalker.com/wellington-s-specialist-troops-men-at-arms.pdf
    • http://www.gorillawalker.com/cozy-burrow-peter-rabbit-24-pieces-floor-puzzle.pdf
    • http://www.gorillawalker.com/analytical-mechanics-solutions-to-problems-in-classical-physics.pdf
    • http://www.gorillawalker.com/a-homoeopathic-approach-to-cancer.pdf
    • http://www.gorillawalker.com/flip-for-puzzles-volume-3.pdf
    • http://www.gorillawalker.com/special-operations-patrol-vehicles-afghanistan-and-iraq-new-vanguard.pdf
    • http://www.gorillawalker.com/una-nueva-oportunidad-serie-oportunidades-n-1-spanish-edition.pdf
    • http://www.gorillawalker.com/nowhere-to-run-a-contemporary-prodigal-son-musical.pdf
    • http://www.gorillawalker.com/the-customer-oriented-laboratory-practical-laboratory-management-series.pdf
    • http://www.gorillawalker.com/belle-starr.pdf
    • http://www.gorillawalker.com/motivaci-n-autoestima-mejor-a-a-trav-s-de-la.pdf
    • http://www.gorillawalker.com/principles-of-business-for-cxc.pdf
    • http://www.gorillawalker.com/pulmonary-infection-advances-in-experimental-medicine-and-biology.pdf
    • http://www.gorillawalker.com/moisture-sorption-practical-aspects-of-isotherm-measurement-and-use.pdf
    • http://www.gorillawalker.com/una-vez-argentina-narrativas-hispanicas-spanish-edition.pdf
    • http://www.gorillawalker.com/beckett-almanac-of-baseball-cards-and-collectibles.pdf
    • http://www.gorillawalker.com/roget-s-thesaurus.pdf
    • http://www.gorillawalker.com/whom-the-gods-would-destroy.pdf
    • http://www.gorillawalker.com/green-smoothie-diet-the-best-green-smoothie-ingredients-to-make.pdf
    • http://www.gorillawalker.com/caravaggio-rizzoli-art-classics.pdf
    • http://www.gorillawalker.com/minecraft-tr.pdf
    • http://www.gorillawalker.com/rescue-me-the-holmes-brothers-book-3.pdf
    • http://www.gorillawalker.com/sprachf-rderung-bei-kindern-mit-down-syndrom-mit-ausf-hrlicher.pdf
    • http://www.gorillawalker.com/the-new-wave-in-cooking-light-and-simple-microwave-cookery.pdf
    • http://www.gorillawalker.com/new-aspects-of-organic-chemistry-ii-organic-synthesis-for-materials.pdf
    • http://www.gorillawalker.com/proyecto-de-un-c-digo-civil-para-el-estado-oriental.pdf
    • http://www.gorillawalker.com/the-orange-code-how-ing-direct-succeeded-by-being-a.pdf
    • http://www.gorillawalker.com/mums-shape-up-safe-and-easy-postnatal-exercises-for-recovery.pdf
    • http://www.gorillawalker.com/learn-german-with-mimi-mimi-and-the-exhibition-a-picture.pdf
    • http://www.gorillawalker.com/3-duets-for-the-piano-op-6-country-dance-no.pdf
    • http://www.gorillawalker.com/traveller-s-literary-companion-to-africa.pdf
    • http://www.gorillawalker.com/practise-learn-algebra-ages-10-11.pdf
    • http://www.gorillawalker.com/western-front-1917-1918-the-the-history-of-world-war.pdf
    • http://www.gorillawalker.com/one-nation-indivisible-a-study-of-secession-and-the-constitution.pdf
    • http://www.gorillawalker.com/maxwell-the-final-verdict.pdf
    • http://www.gorillawalker.com/abduction.pdf
    • http://www.gorillawalker.com/anne-abrams-engineering-drafter-working-moms.pdf
    • http://www.gorillawalker.com/the-dimwit-s-dictionary-3rd-edition.pdf
    • http://www.gorillawalker.com/chinese-herbal-tonics.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/