Malicious PDF — malware analysis report

Static analysis result for SHA-256 7cc3c4e8601d91ac…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-14 21:23:45 +03:00
Authoring application: Acrobat PDFMaker 7.0 для Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 4697ddc7ac6bb7d92d3473334cad698e
SHA-1: d989254a6d45218f72e20b804dcb7378dd572d5e
SHA-256: 7cc3c4e8601d91accce6a357099baf72a19f56e21e1d3984ceebbc9a1068d03c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a link farm, likely for SEO spam or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.