Malicious PDF — malware analysis report

Static analysis result for SHA-256 77b86615a7910775…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-11-15 05:55:37 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: 97580c4a5054b8c4d863487bce445d59
SHA-1: c08cd29f6f58a84d30a36e43b0145abcb6bdcad5
SHA-256: 77b86615a7910775c9008a78e0d180b92b7f1bdce9144654fb204b2413c8bfdb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. While no scripts were explicitly extracted, the ML_NYX_PDF_MALICIOUS classifier and the sheer volume of external links suggest malicious intent, possibly SEO spam or distribution of further payloads. The document body itself is heavily obfuscated and does not provide clear textual clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.