Malicious PDF — malware analysis report

Static analysis result for SHA-256 8730c87521577f1c…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-11-23 08:09:05 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.0.0 (Windows))
MD5: 70e5f5aa77299c44c65a0ef94e2f4089
SHA-1: 86744c94fc55843f9e6ababfd77a63cbda252928
SHA-256: 8730c87521577f1c0375868916cc53db706ed07f68d568d6d43fc7199cecdb8e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs point to various PDF files hosted on the same domain, suggesting a link farm or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.