Malicious PDF — malware analysis report

Static analysis result for SHA-256 8780a31ee51ec3d2…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-23 08:00:45 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: cf2b57b5d3b3844a85b1b7954a17e08d
SHA-1: a61c3e55acedb0b04c5a54cdc2bbd264725caef3
SHA-256: 8780a31ee51ec3d2967b79f20642db794f2259d1144a00a9cb6728ba9619b2ec
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated and unreadable, the presence of numerous links suggests malicious intent, possibly to redirect users to phishing sites or to manipulate search engine rankings. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.