Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ebb78112fac26b5…

Verdict: MALICIOUS

File type: PDF

Size: 43.1 KB
Created: 2018-11-30 20:31:38 +03:00
Authoring application: FrameMaker 8.0 (via Acrobat Distiller 10.0.1 (Windows))
MD5: 1a70d2dbae46ee8823d7dee0c1b5e041
SHA-1: 551d1966e4c23f5775347530762f71b906053c76
SHA-256: 9ebb78112fac26b5ab7c5341a20ef97c57b870f3d6699022442ef5262c42e438
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links likely serve as a link farm, potentially for SEO manipulation or to host further malicious content. The document body was heavily obfuscated and did not provide direct clues to the user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/porsche-911-993-carrera-turbo-rs-the-ultimate-owner-s.pdf
    • http://www.gorillawalker.com/freedom-summer.pdf
    • http://www.gorillawalker.com/mega-man-1-let-the-games-begin.pdf
    • http://www.gorillawalker.com/concerto-for-tuba.pdf
    • http://www.gorillawalker.com/modernist-women-writers-and-narrative-art.pdf
    • http://www.gorillawalker.com/they-fought-like-demons-women-soldiers-in-the-civil-war.pdf
    • http://www.gorillawalker.com/th1nk-lifechange-mark-a-double-edged-bible-study.pdf
    • http://www.gorillawalker.com/ed-reardon-s-week-series-8-six-episodes-of-the.pdf
    • http://www.gorillawalker.com/the-oxford-handbook-of-recruitment-oxford-library-of-psychology.pdf
    • http://www.gorillawalker.com/romance-of-the-three-kingdoms-2-tuttle-classics-kindle-edition.pdf
    • http://www.gorillawalker.com/mccall-s-cooking-school-recipe-card-vegetables-40-potatoes-nicoise.pdf
    • http://www.gorillawalker.com/thornton-wilder-the-eighth-day-theophilus-north-autobiographicalwritings-library-of.pdf
    • http://www.gorillawalker.com/dictionary-of-dna-and-genome-technology.pdf
    • http://www.gorillawalker.com/wasted-a-memoir-of-anorexia-and-bulimia-p-s-paperback.pdf
    • http://www.gorillawalker.com/customs-bulletin-v-36-january-december-2002-treasury-decisions-under.pdf
    • http://www.gorillawalker.com/henry-vi-part-1-arkangel-shakespeare-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/pakistan-s-elite-secret-service-the-isi-global-security-and.pdf
    • http://www.gorillawalker.com/american-nat-ins-co-v-yee-lim-shee-u-s.pdf
    • http://www.gorillawalker.com/depresi.pdf
    • http://www.gorillawalker.com/beyond-black-belt-sudoku-if-you-have-to-ask-it.pdf
    • http://www.gorillawalker.com/super-grains-seeds-pulses-legumes-nuts.pdf
    • http://www.gorillawalker.com/osama-bin-laden-non-est.pdf
    • http://www.gorillawalker.com/richard-wagner-and-his-world-the-bard-music-festival.pdf
    • http://www.gorillawalker.com/plato-s-parmenides-and-its-heritage-volume-ii-reception-in.pdf
    • http://www.gorillawalker.com/an-historical-atlas-of-central-asia-handbook-of-oriental-studies.pdf
    • http://www.gorillawalker.com/military-quotations-for-managers.pdf
    • http://www.gorillawalker.com/the-technique-of-lithography.pdf
    • http://www.gorillawalker.com/advances-in-future-manufacturing-engineering-proceedings-of-the-2014-international.pdf
    • http://www.gorillawalker.com/the-meditations-of-guigo-i-prior-of-the-charterhouse-cistercian.pdf
    • http://www.gorillawalker.com/psychosocial-aspects-of-narcolepsy-loss-grief-care-series-volume-5.pdf
    • http://www.gorillawalker.com/essential-words-for-the-gre-barron-s-essential-words-for.pdf
    • http://www.gorillawalker.com/advent-and-christmas-with-thomas-merton-a-redemptorist-pastoral-publication.pdf
    • http://www.gorillawalker.com/nice-girls-don-t-get-the-corner-office-rich.pdf
    • http://www.gorillawalker.com/learning-counseling-and-problem-solving-skills-with-instructor-s-manual.pdf
    • http://www.gorillawalker.com/partition-classique-un-automne-paris-a-lopez-trombone-et-piano.pdf
    • http://www.gorillawalker.com/photojournalism-life-library-of-photography.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-tm-55-8115-204-23-p.pdf
    • http://www.gorillawalker.com/chance-and-temporal-asymmetry.pdf
    • http://www.gorillawalker.com/blue-murder-lord-lady-hetheridge-book-2-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/woodworking-with-the-router-revised-updated-professional-router-techniques-and.pdf
    • http://www.gorillawalker.com/ed-reardon-s-week-series-8-six-ep
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/