Malicious PDF — malware analysis report

Static analysis result for SHA-256 9565a47d87e28486…

MALICIOUS

PDF

Size: 46.7 KB
Created: 2019-01-06 08:14:50 +03:00
Authoring application: FrameMaker 12.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 677ba461d7bff628a8915b2a3d6a9ad0
SHA-1: e3cda8a1e600792cab59c1fc646963943c1883a6
SHA-256: 9565a47d87e28486a9032b64e66d47b04afaaab7f4936a24057449e66829cc0d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine results or to distribute additional malicious content via the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.