Malicious PDF — malware analysis report

Static analysis result for SHA-256 84faf0402aaa54d2…

MALICIOUS

PDF

Size: 35.1 KB
Created: 2019-09-19 15:09:39 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: af56083205e4e232923563cc77fd5c72
SHA-1: 0a892f0e394f2852f312739c67c04504a2c636cf
SHA-256: 84faf0402aaa54d2bfb4e2536c0216cd5c5fc15643f32bc8926e04c488cf257c
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute potentially malicious content via numerous PDF links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.