Malicious PDF — malware analysis report

Static analysis result for SHA-256 96ea890199bc6507…

MALICIOUS

PDF

Size: 40.7 KB
Created: 2018-12-03 18:00:02 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: a76b60e28d5fd02dcdf6f05adeb43490
SHA-1: f09f9789d8494e326301a46391180bddbdf130d4
SHA-256: 96ea890199bc65075ae5471e0f393c22304109fd1705c7780d7c4e371b356057
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded URLs. The heuristic 'PDF_SEO_LINK_FARM' indicates that the PDF contains a mass external PDF link farm, with 32 links detected. This suggests the PDF is likely used for SEO manipulation or as a distribution point for other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.