Malicious PDF — malware analysis report

Static analysis result for SHA-256 917b6d1eea1f8c5f…

MALICIOUS

PDF

Size: 43.0 KB, Created: 2018-12-02 20:18:10 +03:00, Authoring application: ABBYY FineReader (via -)
MD5: d5b828f058631bfc1491f3498f0df59a
SHA-1: c325d44b72051c56a3c8ed89214c4e3a66c2ee6f
SHA-256: 917b6d1eea1f8c5f85f888d4427f2766aa3d4d7971da2304b944d681ff9ca7b0
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.001 Malicious Link

The PDF contains a large number of external links, almost all of them to .pdf paths on a single host, which triggered the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs point to a domain that appears to host numerous PDF files, consistent with a link farm or a distribution point for potentially malicious content; the document itself appears to serve only as a carrier that routes the reader to that host. No JavaScript or other embedded scripts were extracted from this sample, so the risk lies in the links a user clicks, not in code the PDF executes on open.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/serious-poker.pdf
    • http://www.gorillawalker.com/cmt-exam-guide-a-walk-through-the-blue-print.pdf
    • http://www.gorillawalker.com/art-answers-portrait-painting-art-answers-paperback-common.pdf
    • http://www.gorillawalker.com/educating-nurses-a-call-for-radical-transformation-jossey-bass-carnegie.pdf
    • http://www.gorillawalker.com/fundamentals-of-differential-geometry-graduate-texts-in-mathematics.pdf
    • http://www.gorillawalker.com/paulus-op-36-aria-soprano-jerusalem-die-du-todtest-die.pdf
    • http://www.gorillawalker.com/explicit-birational-geometry-of-3-folds-london-mathematical-society-lecture.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-aviation-unit-maintenance-avum-and-aviation.pdf
    • http://www.gorillawalker.com/state-and-local-politics-the-great-entanglement.pdf
    • http://www.gorillawalker.com/deutsches-business-magazin-journalistic-approach-to-reading-german.pdf
    • http://www.gorillawalker.com/prayers-for-bedtime-hand-prayer-books.pdf
    • http://www.gorillawalker.com/a-breeder-s-guide-to-genetics-relax-it-s-not.pdf
    • http://www.gorillawalker.com/unsolved-problems-in-number-theory-texts-in-applied-mathematics-v.pdf
    • http://www.gorillawalker.com/edgar-the-eagle-in-do-your-best.pdf
    • http://www.gorillawalker.com/tackling-japan-s-fiscal-challenges-strategies-to-cope-with-high.pdf
    • http://www.gorillawalker.com/selection-of-irrigation-methods-for-agriculture.pdf
    • http://www.gorillawalker.com/secrets-of-positional-play-school-of-future-champions-4-progress.pdf
    • http://www.gorillawalker.com/the-art-and-technique-of-digital-color-correction-focal-press.pdf
    • http://www.gorillawalker.com/apple-watch-master-your-apple-watch-complete-user-guide-from.pdf
    • http://www.gorillawalker.com/eating-my-words.pdf
    • http://www.gorillawalker.com/himself-and-other-animals-portrait-of-gerald-durrell.pdf
    • http://www.gorillawalker.com/the-waterfall-concept.pdf
    • http://www.gorillawalker.com/radical-constructivism-in-action-building-on-the-pioneering-work-of.pdf
    • http://www.gorillawalker.com/children-of-the-yellow-kid-the-evolution-of-the-american.pdf
    • http://www.gorillawalker.com/lexical-ambiguity-in-poetry-studies-in-language-and-linguistics.pdf
    • http://www.gorillawalker.com/coont-thum-five-annur-two-hunner-an-twinty-two-jist.pdf
    • http://www.gorillawalker.com/adoption-and-healing-proceedings-of-the-international-conference-on-adoption.pdf
    • http://www.gorillawalker.com/monster-trucks-look-look.pdf
    • http://www.gorillawalker.com/krause-s-food-the-nutrition-care-process-food-nutrition-diet.pdf
    • http://www.gorillawalker.com/footprints-in-the-snow-the-autobiography-of-a-chinese-buddhist.pdf
    • http://www.gorillawalker.com/no-more-allergies-asthma-or-sinus-infections-the-revolutionary-approach.pdf
    • http://www.gorillawalker.com/vidas-de-cultura-y-pasi-n-mexicanas-estudios-historicos-spanish.pdf
    • http://www.gorillawalker.com/angry-christ-comix-the-revised-hardcover-edition.pdf
    • http://www.gorillawalker.com/diagnosis-and-management-of-bowel-diseases-3e.pdf
    • http://www.gorillawalker.com/site-dance-choreographers-and-the-lure-of-alternative-spaces-kindle.pdf
    • http://www.gorillawalker.com/michelin-green-guide-croatie-croatia-in-french-french-edition.pdf
    • http://www.gorillawalker.com/vertebrate-paleontological-techniques-volume-1.pdf
    • http://www.gorillawalker.com/beat-the-yeast-cookbook.pdf
    • http://www.gorillawalker.com/communicating-the-law-lessons-from-landmark-legal-cases.pdf
    • http://www.gorillawalker.com/new-orleans-cemeteries-postcard-book.pdf
    • http://www.gorillawalker.com/fundamentals-of-differential-geometry-graduate-texts-in-mathematic
    The following URIs are XMP schema namespace identifiers from the document's metadata stream (standard for PDF/A output from OCR tools), not clickable link annotations, and are listed for completeness only:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
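The PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL listing above, as an added example that is not the analysis engine's own code: a string-level scanner that pulls the /URI action out of each link annotation, clusters the targets by host and flags the small-file / many-links / one-host pattern, while reporting the XMP namespace URIs from the metadata stream on a separate channel so they are never counted as links. The sample PDF bytes are constructed inline, and the thresholds (20 links, 80 % on one host, 200 KB) and function names are my assumptions, not the vendor's.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# --- constructed sample data (not the analysed file) -----------------------
XMP_NAMESPACES = [
    "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/xap/1.0/",
]


def build_sample_pdf(uris, with_xmp=True):
    """Assemble a loose PDF-like byte string: one page, one /Link annotation
    per URI, and optionally an XMP metadata stream.  Enough for a string-level
    scanner; a real file would also carry an xref table and trailer."""
    objs = [b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj",
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj"]
    annots = []
    for num, uri in enumerate(uris, start=10):
        annots.append(b"%d 0 R" % num)
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    b"/A << /S /URI /URI (%s) >> >> endobj" % (num, uri.encode()))
    objs.append(b"3 0 obj << /Type /Page /Parent 2 0 R /Annots ["
                + b" ".join(annots) + b"] >> endobj")
    if with_xmp:
        xml = b"".join(b'<rdf:Description xmlns:%s="%s"/>' % (p, ns.encode())
                       for p, ns in zip([b"rdf", b"dc", b"xmp"], XMP_NAMESPACES))
        objs.append(b"4 0 obj << /Type /Metadata /Subtype /XML >> stream\n"
                    + xml + b"\nendstream endobj")
    return b"%PDF-1.4\n" + b"\n".join(objs) + b"\n%EOF\n"


# --- scanner ---------------------------------------------------------------
# Literal-string target of a URI action: /A << /S /URI /URI (http://...) >>
# (hex-string form </URI <...>> is not handled here; a full parser would.)
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Namespace declarations inside the XMP packet: xmlns:dc="http://purl.org/..."
XMLNS_DECL = re.compile(rb'xmlns:[\w.-]+="([^"]+)"')


def extract_link_uris(pdf):
    """URLs reachable by clicking a link annotation (channel: link annotation)."""
    return [m.group(1).decode("latin-1") for m in URI_LITERAL.finditer(pdf)]


def extract_xmp_namespaces(pdf):
    """Schema URIs from the metadata stream (channel: XMP metadata, not clickable)."""
    return sorted({m.group(1).decode("latin-1") for m in XMLNS_DECL.finditer(pdf)})


def seo_link_farm_check(pdf, size_limit=200 * 1024, min_links=20, min_host_share=0.8):
    """Flag a small PDF whose clickable links overwhelmingly target one host.
    Thresholds are assumed values for illustration."""
    uris = extract_link_uris(pdf)
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = (hosts.most_common(1) or [("", 0)])[0]
    share = top_count / len(uris) if uris else 0.0
    pdf_links = sum(1 for u in uris if urlsplit(u).path.lower().endswith(".pdf"))
    hit = len(pdf) <= size_limit and len(uris) >= min_links and share >= min_host_share
    return {"size": len(pdf), "links": len(uris), "pdf_links": pdf_links,
            "top_host": top_host, "host_share": round(share, 3), "hit": hit}


if __name__ == "__main__":
    farm = build_sample_pdf([f"http://www.gorillawalker.com/title-{i}.pdf" for i in range(30)])
    print("link-farm check:", seo_link_farm_check(farm))
    print("XMP namespaces :", extract_xmp_namespaces(farm))
```

Run against the constructed sample, the check returns hit=True with 30 links on one host, and the three XMP namespaces appear only in the metadata channel. The separation matters for triage: the vendor report lists the schema URIs alongside the click targets, and a naive count that included them would both inflate the link total and dilute the single-host share.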