Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d4a2797a9ed8989…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2018-12-15 08:10:24 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: 9e909dcc6f8fe70b442ab287df3cb881
SHA-1: 6d67d1630a1b2ec7f4389e9f451ce03f77e9cc82
SHA-256: 8d4a2797a9ed89891586dd419a5b71407d30f978526f7970fb783091a7461050
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File (the PDF itself)
  • T1204.001 User Execution: Malicious Link (the clickable links embedded in the PDF)

The PDF carries some 40 clickable links to other PDF files, all hosted on www.gorillawalker.com, which is what the PDF_SEO_LINK_FARM heuristic keys on: a small, generated document whose purpose is to route a reader into a link farm or SEO manipulation scheme rather than to convey content. The ML_NYX_PDF_MALICIOUS verdict (Nyx PDF classifier, score 0.8396) independently flags the document as malicious. No JavaScript or other scripts were extracted from this sample, so the risk lies in where the links lead, not in code inside the file. The producer metadata (Acrobat Distiller 3.01 for Power Macintosh with LaserWriter 8 8.5.1, a late-1990s toolchain) does not fit the 2018 creation timestamp, so the document metadata should not be relied on for attribution.

Machine Learning

  • Nyx PDF classifier: malicious score 0.8396

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted from the document (the www.gorillawalker.com entries are the clickable external PDF links that PDF_SEO_LINK_FARM counts):
    • http://www.gorillawalker.com/airhead-pill.pdf
    • http://www.gorillawalker.com/adaptive-iir-filtering-in-signal-processing-and-control-electrical-and.pdf
    • http://www.gorillawalker.com/145-things-to-be-when-you-grow-up-career-guides.pdf
    • http://www.gorillawalker.com/becoming-influential-a-guide-for-nurses.pdf
    • http://www.gorillawalker.com/not-curbing-emissions-but-outsourcing-them-column-an-article-from.pdf
    • http://www.gorillawalker.com/ockham-s-theory-of-propositions-part-ii-of-the-summa.pdf
    • http://www.gorillawalker.com/interpreting-diffuse-reflectance-and-transmittance-a-theoretical-introduction-to-absorption.pdf
    • http://www.gorillawalker.com/new-perspectives-on-microsoft-office-access-2003-comprehensive.pdf
    • http://www.gorillawalker.com/landscapes-with-figures-the-nonfiction-of-place.pdf
    • http://www.gorillawalker.com/the-fallen-angelic-redemption.pdf
    • http://www.gorillawalker.com/the-importance-of-objective-analysis-on-gays-in-the-military.pdf
    • http://www.gorillawalker.com/penthouse-comix-issue-18-kindle-edition.pdf
    • http://www.gorillawalker.com/101-world-whiskies-to-try-before-you-die-kindle-edition.pdf
    • http://www.gorillawalker.com/a-sally-garden-fantasy-for-string-orchestra-score.pdf
    • http://www.gorillawalker.com/punished-by-the-gynecologist.pdf
    • http://www.gorillawalker.com/getting-started-in-property-flipping.pdf
    • http://www.gorillawalker.com/secret-history-of-the-english-occupation-of-egypt-being-a.pdf
    • http://www.gorillawalker.com/avoid-retirement-and-stay-alive-the-new-retirement-revolution.pdf
    • http://www.gorillawalker.com/niv-life-application-study-bible-large-print-indexed.pdf
    • http://www.gorillawalker.com/breakfast-with-the-devil.pdf
    • http://www.gorillawalker.com/walter-benjamin-and-the-aesthetics-of-power-modern-german-culture.pdf
    • http://www.gorillawalker.com/growing-media-consolidation-must-be-examined-to-preserve-our-democracy.pdf
    • http://www.gorillawalker.com/a-short-history-of-the-labour-party-twelfth-edition.pdf
    • http://www.gorillawalker.com/jewish-sports-legends-the-international-jewish-hall-of-fame.pdf
    • http://www.gorillawalker.com/burn-for-me-phoenix-fire-novel.pdf
    • http://www.gorillawalker.com/contemporary-action-cinema.pdf
    • http://www.gorillawalker.com/chromatography-in-geology-volume-1.pdf
    • http://www.gorillawalker.com/business-a-changing-world.pdf
    • http://www.gorillawalker.com/how-to-open-operate-a-financially-successful-personal-chef-business.pdf
    • http://www.gorillawalker.com/handbook-of-political-psychology.pdf
    • http://www.gorillawalker.com/the-parent-s-guide-to-texting-facebook-and-social-media.pdf
    • http://www.gorillawalker.com/lebanon-fire-and-embers-a-history-of-the-lebanese-civil.pdf
    • http://www.gorillawalker.com/c-for-rpg-programmers.pdf
    • http://www.gorillawalker.com/handbook-for-sound-engineers.pdf
    • http://www.gorillawalker.com/mir-ist-in-den-80er-jahren-kein-ddr-theater-bekannt.pdf
    • http://www.gorillawalker.com/the-mystery-of-mercy-close-a-novel.pdf
    • http://www.gorillawalker.com/heroic-defeats-the-politics-of-job-loss-cambridge-studies-in.pdf
    • http://www.gorillawalker.com/advanced-english-billiards-match-winning-shots-and-strategies-in-the.pdf
    • http://www.gorillawalker.com/in-the-cards-kindle-edition.pdf
    • http://www.gorillawalker.com/theory-in-practice-the-case-of-stan-dvd-for-corey.pdf
    • http://www.gorillawalker.com/not-curbing-emissions-but-outsourcing-them-column-an-articl
    XMP/RDF namespace URIs from the document's metadata stream. These are schema identifiers that every XMP-tagged PDF carries, not clickable links, and they should not be counted toward the link-farm verdict or submitted as indicators:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
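The two heuristics above state what they count but not how. The following is an added example, not the analysis platform's own code, of PDF_SEO_LINK_FARM-style logic: it pulls URIs only from /Link annotations that carry a /URI action, so namespace URIs sitting in an XMP metadata stream (like the entries just listed) are never counted, then flags a small file whose clickable external links cluster on one host. A naive "every http string in the file" scan is included beside it to show why the EMBEDDED_URL list is broader than the link-farm count. The sample PDF, its host names (www.links-example.test, other.example), the namespace list and the thresholds (100 KB, 20 links, 80% of links on one host) are constructed assumptions.

```python
"""Added example: PDF_SEO_LINK_FARM-style detection over raw PDF bytes.

Not the analysis platform's code. Thresholds and the sample document are
assumptions chosen for illustration."""
import re
from collections import Counter
from urllib.parse import urlsplit

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
# Literal PDF string after /URI; tolerates backslash escapes such as \( \) \\
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Naive scanner: any http(s) token anywhere in the file, metadata included
HTTP_RE = re.compile(rb"https?://[^\s\"'<>()\]]+")


def unescape_pdf_string(raw: bytes) -> str:
    # Handles \( \) \\ ; octal escapes (\ddd) are not needed for this sample
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def escape_pdf_string(s: str) -> bytes:
    return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")


def extract_link_annotation_uris(pdf: bytes) -> list:
    """URIs a reader can click: /Link annotations with a /URI action only.
    Objects packed into compressed object streams (PDF 1.5+) would need
    decompression first; this raw scan mirrors pdfid-style triage."""
    uris = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(1)
        if LINK_RE.search(body):
            uris.extend(unescape_pdf_string(u.group(1)) for u in URI_RE.finditer(body))
    return uris


def extract_all_http_strings(pdf: bytes) -> list:
    """What a plain string scan sees: link targets plus XMP namespace URIs."""
    return [m.group(0).decode("latin-1") for m in HTTP_RE.finditer(pdf)]


def assess_link_farm(pdf: bytes, max_size=100_000, min_links=20, min_host_share=0.8) -> dict:
    """Flag a small PDF whose clickable external links cluster on one host."""
    links = [u for u in extract_link_annotation_uris(pdf)
             if urlsplit(u).scheme in ("http", "https")]
    hosts = Counter(urlsplit(u).hostname or "" for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(links) if links else 0.0
    return {
        "size": len(pdf),
        "link_count": len(links),
        "top_host": top_host,
        "top_host_share": share,
        "flag": len(pdf) <= max_size and len(links) >= min_links and share >= min_host_share,
    }


def build_sample_pdf(link_urls, xmp_namespaces) -> bytes:
    """Constructed minimal PDF: one page, one /Link annotation per URL, and an
    XMP metadata stream whose xmlns attributes look like URLs but are not links."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"]
    annots = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_urls)))
    objs.append(b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + annots + b"] >>")
    xmlns = b" ".join(b'xmlns:ns%d="%s"' % (i, ns.encode("latin-1")) for i, ns in enumerate(xmp_namespaces))
    xmp = b"<x:xmpmeta xmlns:x='adobe:ns:meta/'><rdf:RDF " + xmlns + b"/></x:xmpmeta>"
    objs.append(b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream")
    for i, url in enumerate(link_urls):
        y = 780 - 12 * (i % 60)
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [72 %d 540 %d] /A << /S /URI /URI (%s) >> >>"
                    % (y, y + 10, escape_pdf_string(url)))
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for n, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (n, body)
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


# Constructed sample: 38 links on one host, 2 on another, 3 XMP namespace URIs
SAMPLE_LINKS = ["http://www.links-example.test/title-%02d.pdf" % i for i in range(38)] + [
    "http://other.example/extra.pdf",
    "http://other.example/paren(1).pdf",  # exercises PDF string escaping
]
SAMPLE_XMP_NS = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#",
                 "http://purl.org/dc/elements/1.1/",
                 "http://ns.adobe.com/xap/1.0/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP_NS)

if __name__ == "__main__":
    verdict = assess_link_farm(SAMPLE_PDF)
    print("clickable /URI links:", verdict["link_count"])
    print("raw http strings    :", len(extract_all_http_strings(SAMPLE_PDF)))
    print("verdict:", verdict)
```

On the constructed sample the annotation-based extractor returns 40 links while the raw string scan returns 43, the extra three being the XMP namespaces; host concentration comes out at 95% on one host and the file is a few kilobytes, so the verdict flags it. Cut the sample down to a handful of links and the same document is not flagged, which is the behaviour the "small PDF, many links, one host" description asks for.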