Malicious PDF — malware analysis report

Static analysis result for SHA-256 941d252ce46b8723…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-23 08:06:16 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Adobe PDF Library 9.9)
MD5: 9ac127a9e358029a53d578ce6e772f3a
SHA-1: ce7194e398f14e0bb72f7526db19308826b3cdfc
SHA-256: 941d252ce46b8723b3d8b4dcca6084e851f6b137de00c503cbc621bf94d5ecbb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to a single domain, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/occupational-health-safety-some-recent-court-decisions.pdf
    • http://www.gorillawalker.com/all-about-proofs-proofs-for-all.pdf
    • http://www.gorillawalker.com/el-mundo-maya-the-rough-guide-rough-guides-series.pdf
    • http://www.gorillawalker.com/guttersnipe.pdf
    • http://www.gorillawalker.com/barney-let-s-go-to-school.pdf
    • http://www.gorillawalker.com/the-discovery-and-conquest-of-the-molucco-and-philippine-islands.pdf
    • http://www.gorillawalker.com/amazonian-ethnobotanical-dictionary.pdf
    • http://www.gorillawalker.com/ukulele-slack-key-hawaiian-slack-key-styling.pdf
    • http://www.gorillawalker.com/getting-started-with-net-gadgeteer-make-projects.pdf
    • http://www.gorillawalker.com/johhny-mathis-because-you-loved-me-the-songs-of.pdf
    • http://www.gorillawalker.com/cristiano-ronaldo-international-soccer-star-playmakers.pdf
    • http://www.gorillawalker.com/managing-supply-chain-networks-building-competitive-advantage-in-fluid-and.pdf
    • http://www.gorillawalker.com/soldier-geek-an-army-science-advisor-s-journal-of-the.pdf
    • http://www.gorillawalker.com/contrarian-investment-strategies-the-classic-edition.pdf
    • http://www.gorillawalker.com/lillian-trasher-the-greatest-wonder-in-egypt-christian-heroes-then.pdf
    • http://www.gorillawalker.com/mmm-memorizing-multiplication-tables-with-mnemonics.pdf
    • http://www.gorillawalker.com/young-money-inside-the-hidden-world-of-wall-street-s.pdf
    • http://www.gorillawalker.com/savage-surrender-savage-leisure-paperback.pdf
    • http://www.gorillawalker.com/public-investment-and-public-private-partnerships-addressing-infrastructure-challenges-and.pdf
    • http://www.gorillawalker.com/life-is-hard-machismo-danger-and-the-intimacy-of-power.pdf
    • http://www.gorillawalker.com/diagnostic-imaging-abdomen-published-by-amirsys.pdf
    • http://www.gorillawalker.com/1st-corinthians-enduring-word-commentary.pdf
    • http://www.gorillawalker.com/essential-visual-basic-5-0-fast-includes-activex-control-development.pdf
    • http://www.gorillawalker.com/flowering-plants-of-the-gambia.pdf
    • http://www.gorillawalker.com/who-s-who-in-a-suburban-community-exploring-community.pdf
    • http://www.gorillawalker.com/guide-to-commodities-producers-players-and-prices-markets-consumers-and.pdf
    • http://www.gorillawalker.com/emotions-and-bodily-changes-a-survey-of-literature-on-psychosomatic.pdf
    • http://www.gorillawalker.com/basics-interactive-design-user-experience-design-creating-designs-users-really.pdf
    • http://www.gorillawalker.com/capillary-gas-chromatography-course-program-analytical-education-center.pdf
    • http://www.gorillawalker.com/cgi-programming-101-programming-perl-for-the-world-wide-web.pdf
    • http://www.gorillawalker.com/the-chretien-legacy-politics-and-public-policy-in-canada.pdf
    • http://www.gorillawalker.com/nagasaki-and-yokohama-prints-from-the-richard-gump-collection-the.pdf
    • http://www.gorillawalker.com/discovering-french-bleu-2nd-partie.pdf
    • http://www.gorillawalker.com/the-revolutionary-trauma-release-process-transcend-your-toughest-times.pdf
    • http://www.gorillawalker.com/concerto-no-2-in-a-piano-duet.pdf
    • http://www.gorillawalker.com/3-meals-feed-your-family-delicious-healthy-meals-for-less.pdf
    • http://www.gorillawalker.com/may-bird-warrior-princess-book-3.pdf
    • http://www.gorillawalker.com/activated-sludge-process-design-and-control-second-edition-water-quality.pdf
    • http://www.gorillawalker.com/great-source-every-day-counts-kit-grade-4.pdf
    • http://www.gorillawalker.com/taking-sides-clashing-views-on-controversial-legal-issues-taking-sides.pdf
    • http://www.gorillawalker.com/amazonian-ethnobotanical-dictio
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/