Malicious PDF — malware analysis report

Static analysis result for SHA-256 84258727c4f1668a…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2018-11-30 01:48:55 +03:00
Authoring application: Acrobat PDFMaker 10.0 for Word (via Adobe PDF Library 10.0)
MD5: e05c7e15dbbbe3236ba8a01e4e502532
SHA-1: ada5ede09ec3ca4bb87b2cd492291c6f9fbab35b
SHA-256: 84258727c4f1668a00ee9e545a78ae0eaee570d3cbf522e2dc0bad7407393eff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs, many of which point to PDF files hosted on the same domain. This suggests a link farm or a method to distribute further malicious content. The primary attack pattern appears to be leveraging these links for SEO manipulation or as a distribution vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.