Malicious PDF — malware analysis report

Static analysis result for SHA-256 7da3d7aa59c04aba…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-12-14 20:33:49 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: b1a497da1c61337f9fd980dff5f6d812
SHA-1: c4116d98e35e1df884869455352be188aa260f04
SHA-256: 7da3d7aa59c04abae857f8961105cf0b1251781468a9bbceb0a45efec292ee15
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body contains these links, suggesting the primary purpose is to direct the user to a website hosting numerous PDF documents, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.