Malicious PDF — malware analysis report

Static analysis result for SHA-256 8eb25ff4c8cfed18…

MALICIOUS

PDF

34.2 KB
Created: 2019-09-15 19:20:24 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.4.5 (Windows))
MD5: 18c180798fbf74efe05660234860c469
SHA-1: e6344ca35eeaa6896e685559b01ca830a412d7da
SHA-256: 8eb25ff4c8cfed180c9d8b8be8167ec61ec807bfdce5d4d09b02b2757a06fd7f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links that form a link farm. The primary heuristic, 'PDF_SEO_LINK_FARM', fired on 32 external PDF links, suggesting the document's purpose is to direct users to a large collection of other PDFs. No scripts were extracted from this sample. The ML classifier's high confidence score supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.