Malicious PDF — malware analysis report

Static analysis result for SHA-256 77bce63f0e0d7ece…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2019-04-06 14:54:02 +03:00
Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: 132b54ca81572671e3b4e311f2bda46e
SHA-1: 031c53da7859c1b9c74fb6cf8fbff6af6f62a109
SHA-256: 77bce63f0e0d7ece46f55bc0bb6f73107c15267bca65d67fa693b3f1b64e1c78
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document. The primary attack pattern appears to be the distribution of numerous links, likely to manipulate search engine rankings or to serve as a distribution point for other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8872)

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.