Malicious PDF — malware analysis report

Static analysis result for SHA-256 98717138678fc66a…

Verdict: MALICIOUS
File type: PDF
Size: 41.3 KB
Created: 2019-03-17 09:47:55 +03:00
Authoring application: God (via Robotic Despoiler 1.0 for Windoze)
(The PDF Creator/Producer fields are free-text strings written by whatever produced the file; treat this value as an artifact chosen by the author, not as provenance.)
MD5: 41b403563986089d0c4dc79dcb0ee118
SHA-1: 3f69f3e7cbc19f10cdf04b5d4de23f0aded8858f
SHA-256: 98717138678fc66a976ec833dc6b8c9941eca174630162982e947d7e8d86850d
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF contains a large number of link annotations pointing at external PDF files on a single host (www.gorillawalker.com), which is what the PDF_SEO_LINK_FARM heuristic detects. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence (score 0.8872). Every clickable URL resolves to that one host, consistent with a generated SEO/link-farm carrier or a distribution point for further malicious content; the remaining extracted URLs are XMP/RDF namespace identifiers from the document's metadata, not links. No JavaScript or other scripts were extracted from this sample, so the observed risk is in the link targets rather than in embedded code.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/my-drawing-doodling-and-coloring-book.pdf
    • http://www.gorillawalker.com/handbook-of-parent-training-parents-as-co-therapists-for-children.pdf
    • http://www.gorillawalker.com/kerouac-the-word-and-the-way-prose-artist-as-spiritual.pdf
    • http://www.gorillawalker.com/funny-peculiar.pdf
    • http://www.gorillawalker.com/psychiatrie-bd-allgemeine-psychiatrie-german-edition.pdf
    • http://www.gorillawalker.com/the-resurrection-man-kindle-edition.pdf
    • http://www.gorillawalker.com/blackjack-bluebook-ii-the-simplest-winning-strategies-ever-published.pdf
    • http://www.gorillawalker.com/for-the-love-of-physics-from-the-end-of-the.pdf
    • http://www.gorillawalker.com/white-savages-in-the-south-seas.pdf
    • http://www.gorillawalker.com/walter-benjamin-selected-writings-volume-2-part-2-1931-1934.pdf
    • http://www.gorillawalker.com/a-year-with-the-bible-2007-10-pack.pdf
    • http://www.gorillawalker.com/processed-foods-food-matters.pdf
    • http://www.gorillawalker.com/epitope-mapping-a-practical-approach-the-practical-approach-series.pdf
    • http://www.gorillawalker.com/tree-of-freedom-kindle-edition.pdf
    • http://www.gorillawalker.com/pro-tools-6-for-macintosh-and-windows.pdf
    • http://www.gorillawalker.com/about-philosophy-11th-edition.pdf
    • http://www.gorillawalker.com/worshipped-worshipped-series-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/taken-by-the-cops-my-wildest-fantasy.pdf
    • http://www.gorillawalker.com/the-diving-bell-and-the-butterfly.pdf
    • http://www.gorillawalker.com/draw-fairies-how-to-draw-fairies-for-beginners-drawings-fairies.pdf
    • http://www.gorillawalker.com/fifty-quick-ideas-to-improve-your-user-stories.pdf
    • http://www.gorillawalker.com/a-new-understanding-of-terrorism-case-studies-trajectories-and-lessons.pdf
    • http://www.gorillawalker.com/hechizos-para-la-prosperidad-spanish-silver-s-spells-series-spanish.pdf
    • http://www.gorillawalker.com/801-easy-and-effective-ways-to-improve-your-child-s.pdf
    • http://www.gorillawalker.com/john-lennon-the-new-york-years.pdf
    • http://www.gorillawalker.com/city-of-numbered-men-the-best-of-prison-stories.pdf
    • http://www.gorillawalker.com/mtel-physics-11.pdf
    • http://www.gorillawalker.com/a-kid-s-guide-to-autism.pdf
    • http://www.gorillawalker.com/an-introduction-to-the-old-testament-second-edition-the-canon.pdf
    • http://www.gorillawalker.com/cognitive-media-theory-afi-film-readers.pdf
    • http://www.gorillawalker.com/first-footsteps-in-east-africa-or-an-exploration-of-harar.pdf
    • http://www.gorillawalker.com/authentic-ex-centric-conceptualism-in-contemporary-african-art.pdf
    • http://www.gorillawalker.com/bravest-warriors-vol-5.pdf
    • http://www.gorillawalker.com/the-iba-rules-on-the-taking-of-evidence-in-international.pdf
    • http://www.gorillawalker.com/shadowrun-ghost-cartels-shadowrun-catalyst.pdf
    • http://www.gorillawalker.com/the-world-s-greatest-blackjack-book.pdf
    • http://www.gorillawalker.com/harlem-beat-03.pdf
    • http://www.gorillawalker.com/atlas-of-science-literacy-volume-2.pdf
    • http://www.gorillawalker.com/100-best-letters-1847-1947.pdf
    • http://www.gorillawalker.com/assassin-6-los-ninos-assassin-series.pdf
    • http://www.gorilla
    The following URIs are XMP/RDF namespace identifiers from the document's metadata stream, not link annotations; they are standard namespaces found in most XMP-tagged PDFs and carry no detection weight on their own:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
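As an added example (not the vendor's scanner, whose internals this report does not disclose), the Python script below applies the PDF_SEO_LINK_FARM logic described above to a constructed PDF and labels each extracted URL with the channel that reached it, which is the per-URL distinction the EMBEDDED_URL entry refers to: /URI actions on link annotations count as clickable links, xmlns declarations in the XMP stream do not. The thresholds (10 external PDF links, 80% on one host, 200 KB), the hostnames and the sample document are all assumptions made for the example; the byte-level regex scanner only sees uncompressed objects, so a real sample must have its streams and object streams inflated first (for instance with pdf-parser or a full PDF library).

```python
import re
from collections import Counter
from urllib.parse import urlsplit


# --- Constructed test input (not the analysed sample) ------------------------
# A minimal, uncompressed single-page PDF with /Link annotations carrying /URI
# actions, plus an XMP metadata stream whose xmlns URIs are *not* clickable.
# It has no xref table: enough for a byte scanner, not for a PDF viewer.
def build_sample_pdf(link_urls, xmp_namespaces):
    annots, refs = [], []
    for i, url in enumerate(link_urls):
        num = 5 + i  # objects 1-4 are catalog, pages, page, metadata
        annots.append(f"{num} 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                      f"/A << /S /URI /URI ({url}) >> >> endobj")
        refs.append(f"{num} 0 R")
    xmp = "<rdf:RDF " + " ".join(f'xmlns:{p}="{u}"' for p, u in xmp_namespaces) + "></rdf:RDF>"
    parts = [
        "%PDF-1.4",
        "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj",
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        "3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        f"/Annots [{' '.join(refs)}] >> endobj",
        f"4 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >> stream",
        xmp,
        "endstream endobj",
        *annots,
        "trailer << /Root 1 0 R >>",
        "%%EOF",
    ]
    return "\n".join(parts).encode("latin-1")


XMP_NAMESPACES = [  # constructed; the same standard URIs appear in most XMP-tagged PDFs
    ("rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#"),
    ("dc", "http://purl.org/dc/elements/1.1/"),
    ("xmp", "http://ns.adobe.com/xap/1.0/"),
]
FARM_LINKS = [f"http://farm.example.test/book-{i:02d}.pdf" for i in range(12)]  # assumed host
SAMPLE_PDF = build_sample_pdf(
    FARM_LINKS + ["https://other.example.test/paper.pdf", "http://farm.example.test/index.html"],
    XMP_NAMESPACES,
)
BENIGN_PDF = build_sample_pdf(  # two ordinary citations, should not trigger
    ["https://docs.example.test/standard.txt", "http://farm.example.test/book-00.pdf"],
    XMP_NAMESPACES,
)

# --- URL extraction with channel labels ---------------------------------------
# "/URI (...)" is the target of a URI action; PDF literal strings may contain
# escaped parentheses, hence the (?:\\.|[^\\)])* body. Hex-string targets
# (/URI <...>) and objects inside compressed object streams are not handled:
# inflate the file first.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
XMLNS_RE = re.compile(rb'xmlns:[\w.-]+\s*=\s*"([^"]+)"')


def extract_urls(pdf):
    """Return (channel, url) pairs, recording which part of the file reached each URL."""
    found = []
    for m in URI_ACTION_RE.finditer(pdf):
        found.append(("link_annotation", m.group(1).decode("latin-1")))
    for m in XMLNS_RE.finditer(pdf):
        found.append(("xmp_namespace", m.group(1).decode("latin-1")))
    return found


# --- The link-farm heuristic ---------------------------------------------------
def link_farm_verdict(pdf, min_links=10, min_host_share=0.8, max_size=200 * 1024):
    """Small file + many clickable external .pdf links + one dominant host => flagged."""
    links = [u for ch, u in extract_urls(pdf) if ch == "link_annotation"]
    ext_pdf = [u for u in links
               if urlsplit(u).scheme in ("http", "https")
               and urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in ext_pdf)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(ext_pdf) if ext_pdf else 0.0
    return {
        "size_bytes": len(pdf),
        "link_annotations": len(links),
        "external_pdf_links": len(ext_pdf),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": len(pdf) <= max_size and len(ext_pdf) >= min_links and share >= min_host_share,
    }


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(name, link_farm_verdict(blob))
        for channel, url in extract_urls(blob):
            print("   ", channel, url)
```

The non-.pdf link and the off-host link in the constructed sample are deliberate: the first shows that the count is of external PDF targets, not of every annotation, and the second shows that a single stray host does not rescue a document whose links are otherwise concentrated on one domain, which is the "mostly clustered on one host" condition the heuristic text states.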