Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f0b4a513f5e5d9f…

MALICIOUS

PDF

File size: 40.4 KB
Created: 2018-11-23 21:03:34 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 6.0.1 for Macintosh)
MD5: df46b72bcdbfa4444d572d5cae4ce8b9
SHA-1: 3545ebbd01817ad91c14e5ca0c6108ad37e599f8
SHA-256: 6f0b4a513f5e5d9f3e5487d3766acef2ee36accfdaa5f36166331d5836824f2c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a significant number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links suggests an attempt to manipulate search engine rankings or distribute content from a specific domain. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.