Malicious PDF — malware analysis report

Static analysis result for SHA-256 834f82f6a4fa0a29…

MALICIOUS

PDF

Size: 38.4 KB
Created: 2018-11-26 20:07:16 +03:00
Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
MD5: 981e02f86a752e30984a0f68bca90402
SHA-1: 173d87eb2e6a3be06785eabab2304b872ac5509d
SHA-256: 834f82f6a4fa0a29ab021b9ea4736b6ba94d8ac4adead3ce25bd77383fd43230
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The document body itself is heavily obfuscated and contains numerous URLs pointing to the same domain, suggesting a link farm or content distribution scheme. The primary attack pattern appears to be leveraging these links to direct users to potentially malicious or SEO-manipulated content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8901)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.