Malicious PDF — malware analysis report

Static analysis result for SHA-256 97e9a663d109cbef…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 08:11:12 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 2391d09437ebb6b4eb48fb15d0333951
SHA-1: 323d0240a4dbf95af0ddba56381498642b87c9f0
SHA-256: 97e9a663d109cbef8110e43f08da4e05b557ca192d92d3d06b8a8042639834a8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a distribution point for further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.