Malicious PDF — malware analysis report

Static analysis result for SHA-256 96af6f798868dde2…

MALICIOUS

PDF

Size: 33.0 KB
Created: 2019-11-10 05:17:03 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: ff6c28c66141e1d190d7000e6b3db5f5
SHA-1: d1efa62b58c77630347237d5400c48169331f51c
SHA-256: 96af6f798868dde27d0cbe791c94022eb51c8be0a31928c1408653cd020f21b3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8215

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.