Malicious PDF — malware analysis report

Static analysis result for SHA-256 7b7699d6a140c754…

MALICIOUS

PDF

39.9 KB
Created: 2018-11-30 20:26:29 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 1c0fc3ecaea9fa8cdc6b4dc41e053466
SHA-1: 7d69bb73d7edb7e0c65f8c2efb1c9ee0b8870cc1
SHA-256: 7b7699d6a140c754940d1b3035c6803a7dcba0ec6da9751b159485afebca9f05
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The embedded URLs likely serve as a lure or a distribution mechanism for further malicious content, potentially related to SEO manipulation or phishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.