Malicious PDF — malware analysis report

Static analysis result for SHA-256 77261a06376a4475…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-11-15 18:31:33 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Adobe PDF Library 9.9)
MD5: 518e3b69ecc58531cc4f8c11768b0a23
SHA-1: 3cf660e590d11a0a1d94276436729fa5b740aff2
SHA-256: 77261a06376a44750cf8fb1f62b1f9eec6df6b7d132120870f9c9c59e2a04f27
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the presence of embedded URLs and the ML_NYX_PDF_MALICIOUS classification suggest malicious intent. The document body is heavily obfuscated, preventing a clear understanding of its direct lure, but the link farm points towards a potential SEO poisoning or content distribution scheme.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low; ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.