Malicious PDF — malware analysis report

Static analysis result for SHA-256 794688b97c35d22e…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2018-11-15 18:34:30 +03:00
Authoring application: Adobe InDesign CS (3.0.1) (via Adobe PDF Library 6.0)
MD5: 488ad3097efb19379a5012e7ecfb6aa4
SHA-1: dec5e0e3df77291e4025b0208a265daf4dbbd487
SHA-256: 794688b97c35d22e8fc8935af33ff13635239b6cc48ddbe3ace31961a07f867f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern appears to be a link farm designed to drive traffic to numerous unrelated PDF documents hosted on the same domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.