Malicious PDF — malware analysis report

Static analysis result for SHA-256 868712ff97cceeb8…

MALICIOUS

PDF

  • Size: 44.0 KB
  • Created: 2018-11-15 18:32:46 +03:00
  • Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
  • MD5: afc4c95d62bd28714816928477b258fd
  • SHA-1: 4c3ce16c05b748607b65b328544f915193474aef
  • SHA-256: 868712ff97cceeb87e036ecad61364f31e30d224d4b80834e94af5038c4d7eb0
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the same domain, suggesting a link farm or a method to distribute potentially malicious content. The ML classifier also flagged the PDF as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.