Malicious PDF — malware analysis report

Static analysis result for SHA-256 78b96751b30d3b9e…

MALICIOUS

PDF

44.7 KB
Created: 2019-03-17 10:53:06 +03:00
Authoring application: Acrobat PDFMaker 9.1 для Word (via Adobe PDF Library 9.0)
MD5: 9667421400b0044c31d15cf5dc0224dd
SHA-1: 4a80e1c1deb6195206c7955f7cddacb10c0672cd
SHA-256: 78b96751b30d3b9e0ea1161f97c14aed3a7be7ae39fb874560b5992927ddddc3
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the same domain. While no scripts were explicitly extracted, the ML_NYX_PDF_MALICIOUS heuristic indicates a high probability of malicious intent. The embedded links likely serve to manipulate search engine rankings or to distribute additional malicious content, potentially through a spearphishing attachment vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.