Malicious PDF — malware analysis report

Static analysis result for SHA-256 91e293d4b600b3e8…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-11-30 20:09:10 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: 05209e71716a0e7e97b75d48b4efadae
SHA-1: 36269e47e04aeaeb08e5f8aea0be63892ed9ee31
SHA-256: 91e293d4b600b3e88b09c45339153ebc47ddad5ae117503494c7d18d6b174fe7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded external links to other PDF files hosted on the same domain, which is indicative of a link farm or SEO manipulation tactic. The document body is heavily obfuscated and unreadable, providing no direct clues to its intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.