Malicious PDF — malware analysis report

Static analysis result for SHA-256 84b7ed105900bf32…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-11-23 20:59:10 +03:00
Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: 6b7179034c6df431b6fbafc286ab9325
SHA-1: ee5e9b0abc7ece49716e4042b41790c6468759fa
SHA-256: 84b7ed105900bf32f377b12af7f49be7e16d607651f4dea9fa22a10b2598d40d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO poisoning or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm, likely to achieve a malicious goal through the linked content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.