Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f70a081b562d3a7…

MALICIOUS

PDF

40.7 KB
Created: 2018-11-14 08:37:13 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: 358428f42156cdf59d952912464b875d
SHA-1: 9a7ffe9eac7d0e0ebfd6f1bb588d5770c3fd71bb
SHA-256: 9f70a081b562d3a7683c172bfba4287b330722bc2806263901fdd291c5dde99d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute further malicious content via the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.