Malicious PDF — malware analysis report

Static analysis result for SHA-256 8bf0ad9593515fea…

Verdict: MALICIOUS
File type: PDF
Size: 44.9 KB
Created: 2018-11-30 20:34:30 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: e0b66ae2926b6dbf2a82c517d6dd6a5d
SHA-1: df2065df7e9190731bc37d0e83262d295ef60441
SHA-256: 8bf0ad9593515fea86ebebaedb346464fea01cebeaf06492b2024db19ae90d68
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged for containing a large number of external links, suggesting a link farm or SEO abuse tactic. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern. The primary IOCs are the numerous URLs embedded within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.