Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e93719876ae2209…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-11-15 18:32:01 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: d27e9faf3406a09c8d69d2e9cf4d83fd
SHA-1: 32e56029ed728472815dc0c6f8896dc7249e536e
SHA-256: 8e93719876ae22092e8900a2fae4e86786051bacd5531f8201cf83da1203eb25
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external links in the PDF, indicating a potential link farm or distribution mechanism. The ML classifier also flagged the PDF as malicious with high confidence. Although no scripts were extracted, the sheer volume of embedded URLs suggests malicious intent, possibly to direct users to further malicious content or phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.