Malicious PDF — malware analysis report

Static analysis result for SHA-256 8c7029c1e7c79100…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-11-14 08:43:08 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 58867b77e6ccb62bcb516fd9dee16d69
SHA-1: 77392d3a17fdb3ee0a28835bfa3feeb0b0fddad0
SHA-256: 8c7029c1e7c79100b8676c81ebde6120f630bf00e9ec0ffb9c5cc502d6e34454
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute further malicious content via the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.