Malicious PDF — malware analysis report

Static analysis result for SHA-256 77b082cbc9d7f826…

MALICIOUS

PDF

File size: 43.6 KB
Created: 2018-11-26 20:11:55 +03:00
Authoring application: Adobe InDesign CS (3.0.1) (via Adobe PDF Library 6.0)
MD5: 56e9a88237c826e1fcb6f28c57ff0da8
SHA-1: 712c2dd75e83753fdca3babe7ce792e40c659a72
SHA-256: 77b082cbc9d7f8264218d6abf036f42e0a4284dbc756f916a8db71a2d393dd94
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.