Malicious PDF — malware analysis report

Static analysis result for SHA-256 77011e7fd9e16267…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 08:17:19 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: faa59c21124d7484c334f421657cfa43
SHA-1: cb21ffb69beac3e667e95d3794db36f99fcd7efa
SHA-256: 77011e7fd9e162672fa506fa40bc36c73a81c3fa6367c9d1cfa7710d55b4236a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document that contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a vast collection of other PDF documents hosted on the same domain, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.