Malicious PDF — malware analysis report

Static analysis result for SHA-256 7024f4f22854c223…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2018-12-07 18:29:07 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
MD5: 39f66efb3d75a5bf8f831b5775425b29
SHA-1: 1a2af9c95f8b890c2ff86cdc662c0ea20f12a02c
SHA-256: 7024f4f22854c2230800bdf9376172fe30bf8163738af71263b10f5f2319ea3c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF indicating a large farm of external links, with the first URL pointing to a book-related PDF. No scripts were extracted, but the number of embedded URLs suggests an attempt to redirect users to a large collection of content. This pattern is often used for SEO manipulation or to host malicious payloads.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7914

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-pilot-plant-real-book.pdf
    • http://www.gorillawalker.com/no-plan-b-most-valuable-peytonmanning-s-comeback-with-the.pdf
    • http://www.gorillawalker.com/ibn-sina-wal-ilm-al-nafs-ihyaa-al-turath-al.pdf
    • http://www.gorillawalker.com/has-devolution-worked-the-verdict-from-policy-makers-and-the.pdf
    • http://www.gorillawalker.com/vibes.pdf
    • http://www.gorillawalker.com/psicopatologia-essentials-of-abnormal-psychology-un-enfoque-integral-de-la.pdf
    • http://www.gorillawalker.com/concerto-for-tuba-and-orchestra.pdf
    • http://www.gorillawalker.com/introduction-to-action-research-social-research-for-social-change.pdf
    • http://www.gorillawalker.com/prescription-for-nutritional-healing-prescription-for-nutritional-healing-by-avery.pdf
    • http://www.gorillawalker.com/patterns-of-distress.pdf
    • http://www.gorillawalker.com/a-christmas-celebration-including-a-christmas-carol-by-charles-dickens.pdf
    • http://www.gorillawalker.com/good-rabbitkeeping-good-petkeeping.pdf
    • http://www.gorillawalker.com/philosophy-of-natural-therapeutics-vol-1-volume-1.pdf
    • http://www.gorillawalker.com/theme-from-victory-at-sea-song-of-the-high-seas.pdf
    • http://www.gorillawalker.com/wagner-rehearsing-the-ring-an-eye-witness-account-of-the.pdf
    • http://www.gorillawalker.com/acrylic-color-explorations-painting-techniques-for-expressing-your-artistic-voice.pdf
    • http://www.gorillawalker.com/leading-across-new-borders-how-to-succeed-as-the-center.pdf
    • http://www.gorillawalker.com/lleyn-peninsula-pen-llyn-landranger-maps.pdf
    • http://www.gorillawalker.com/the-wielder-of-the-sengans-including-the-tomes-of-ithren.pdf
    • http://www.gorillawalker.com/aci-211-7r-15-guide-for-proportioning-concrete-mixtures-with.pdf
    • http://www.gorillawalker.com/so-you-re-a-kingdom-kid-the-blessings-and-challenges.pdf
    • http://www.gorillawalker.com/the-adventures-of-madame-storey-volume-7.pdf
    • http://www.gorillawalker.com/o-me-bien-satan-s.pdf
    • http://www.gorillawalker.com/automotive-fundamentals-glencoe-automotive-technology-series.pdf
    • http://www.gorillawalker.com/journey-into-freedom.pdf
    • http://www.gorillawalker.com/adwords-secrets-revealed-the-complete-guide-to-google-adwords-pay.pdf
    • http://www.gorillawalker.com/angstst-rungen-diagnostik-konzepte-therapie-selbsthilfe-german-edition.pdf
    • http://www.gorillawalker.com/into-the-mystic-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/travels-of-a-doctor-and-madame-helfer-in-syria-mesopotamia.pdf
    • http://www.gorillawalker.com/a-transition-to-advanced-mathematics.pdf
    • http://www.gorillawalker.com/six-men.pdf
    • http://www.gorillawalker.com/best-of-chuck-berry-easy-guitar-with-tab-easy-guitar.pdf
    • http://www.gorillawalker.com/history-of-the-ottoman-turks-from-the-beginning-of-their.pdf
    • http://www.gorillawalker.com/the-cenci-a-tragedy-in-five-acts.pdf
    • http://www.gorillawalker.com/the-line-in-postmodern-poetry.pdf
    • http://www.gorillawalker.com/metallica-ride-the-lightning-bass-guitar.pdf
    • http://www.gorillawalker.com/30-addition-worksheets-with-five-1-digit-addends-math-practice.pdf
    • http://www.gorillawalker.com/kali-linux-wireless-penetration-testing-beginner-s-guide.pdf
    • http://www.gorillawalker.com/a-primitive-diet-a-book-of-recipes-free-from-wheat.pdf
    • http://www.gorillawalker.com/polka-heartland-why-the-midwest-loves-to-polka.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/