Malicious PDF — malware analysis report

Static analysis result for SHA-256 7c76fe2e0793c100…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-11-23 21:09:27 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 762a62e4c4f904d19b3edb4f363f7286
SHA-1: 11f6e097f04eb8379481c918af0bb6a36c8fbd67
SHA-256: 7c76fe2e0793c1002f5a12dcc63f28189f22c2def0759adde2fad8df8f6ac00b
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF document contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content. The primary IOCs are the URLs pointing to the linked PDF files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.