Malicious PDF — malware analysis report

Static analysis result for SHA-256 977d99225e58c284…

Verdict: MALICIOUS
File type: PDF
Risk Score: 90

Size: 43.8 KB
Created: 2018-11-30 20:33:54 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: cf28ea539ce1632151c7f0eec46f6b2c
SHA-1: ba56bf1680d9941b743048250d48976f1d89435b
SHA-256: 977d99225e58c28489cf6b61ca96bcb4dca494e2a26c576e37d9e29010b50b9f

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The embedded URLs point to a single domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.