Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a2b050cfa50756e…

MALICIOUS

PDF

42.5 KB
Created: 2018-12-02 10:55:09 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 52049afa0d9bd7510f9c03d9afa8c597
SHA-1: ad2d8864b2a7f511aef1897b37175a44d81c8278
SHA-256: 7a2b050cfa50756e53cc21858c38de54a0ba01dccdd5fd5241bcb1a383821f1d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.