Malicious PDF — malware analysis report

Static analysis result for SHA-256 8afe348d0658b3f7…

MALICIOUS

PDF

  • Size: 43.5 KB
  • Created: 2018-11-30 20:39:21 +03:00
  • Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
  • MD5: f4681ee102a7ee5d1224450f15fe85d8
  • SHA-1: a3d3996df058347871bc0cdb35035b2ce67e460b
  • SHA-256: 8afe348d0658b3f76d4266c7bb0caf9e6b5072c65338c4b51f2b792bb3d0b051
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm for SEO manipulation or to distribute further malicious content. The document body was heavily obfuscated and did not provide clear textual lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.