Malicious PDF — malware analysis report

Static analysis result for SHA-256 70cf680a4fea7d49…

MALICIOUS

PDF

Size: 46.5 KB
Created: 2018-11-26 20:10:14 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Acrobat Distiller 8.1.0 (Windows))
MD5: 321f719914af071a02c5dbadaba948e1
SHA-1: 8c7459488814724141ae64c2f132a1b6b83f4442
SHA-256: 70cf680a4fea7d496a29f14eef7e065dcbfbcfafe2f938b115c00c023e20345a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a significant number of embedded external links, suggesting a link farm or distribution mechanism. No scripts were extracted, but the sheer volume of links points toward malicious intent, possibly to direct users to further malicious content or phishing sites. The primary attack pattern observed is the embedding of numerous external URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8013

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.