Malicious PDF — malware analysis report

Static analysis result for SHA-256 8a40a44d12dcc82e…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2020-03-12 19:19:51 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: 9e3c46749ff63d14472f7977ba4390d4
SHA-1: 591aee2d9dabda1a8dcc0c3836fdb63006787715
SHA-256: 8a40a44d12dcc82e92aaf5f8b74b5ec3869a498a4c07e0a239c28508142fa3a0
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.