Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ab76bc1512f01b9…

Verdict: MALICIOUS

File type: PDF

Size: 46.2 KB
Created: 2018-11-30 20:25:14 +03:00
Authoring application: Adobe Acrobat 7.05 (via Adobe Acrobat 7.05 Paper Capture Plug-in)
MD5: 433b10f74e4c189b1ddba073d0b109aa
SHA-1: 7ac0e31992bd6c2deeb0deb69b195b575e81ef57
SHA-256: 7ab76bc1512f01b9ced90649dbcaa603b558fda90600428689a966dc1623d31b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.