Malicious PDF — malware analysis report

Static analysis result for SHA-256 75091d3d79eafd42…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-12-15 20:47:29 +03:00
Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 27191f9d7c7d7c097e01969046f7dbf7
SHA-1: dff449352db4c7a661a5579bda93ac231a1b5f00
SHA-256: 75091d3d79eafd420c00fc8d555086022b81fdace121b8e621d9c72ef2064b3f
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or distributing a large number of linked documents from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.