Malicious PDF — malware analysis report

Static analysis result for SHA-256 772133c2d6aa2721…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 20:01:25 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: bef68ef4b576d2a8c876c83eb52b8c52
SHA-1: 223007825e27ed8f0b57f8bc0e46636084006291
SHA-256: 772133c2d6aa2721c34db6f5bc2cdcf372ecd342cec82df35acb70fe7528edc5
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to a single domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8859)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.