Malicious PDF — malware analysis report

Static analysis result for SHA-256 752c5bec7d6ae733…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2018-12-15 08:35:06 +03:00
Authoring application: - (via Acrobat Distiller 2.0 for Macintosh)
MD5: 09b4a593e0fbf5d0d9a5bb45ec526262
SHA-1: 77ecba2bab6e8bd5f328cfc0befb489561fc707c
SHA-256: 752c5bec7d6ae733cab0b8f429822e937fa17c776841566d86da3fbc3942c279
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.