Malicious PDF — malware analysis report

Static analysis result for SHA-256 7c34bf8002233192…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-11-23 21:08:43 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: 711de2b3cc23678b33a5737d0479685d
SHA-1: 75daf02ca6fd6eb111e4e76be555d2012a406bf9
SHA-256: 7c34bf8002233192bdd2413e95c23b305d3d073a9b63651588aac35af819c1b4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute potentially malicious content. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.