Malicious PDF — malware analysis report

Static analysis result for SHA-256 917a7fb4e234789d…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2019-04-10 12:10:08 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: 0d09e9884608afe62112dc0de6b9192c
SHA-1: 2e6f6ca35cbd7f8923f16f3c4b58f3a72eabe6b8
SHA-256: 917a7fb4e234789db1108d9833058249fd17015ea220459403825dc39436f465
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external links, with the first being http://www.gorillawalker.com/description-of-banvard-s-panorama-of-the-mississippi-river-painted.pdf. This suggests a link-farming or redirection tactic. The ML classifier also flagged the PDF with a high probability of being malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    First URL: http://www.gorillawalker.com/description-of-banvard-s-panorama-of-the-mississippi-river-painted.pdf