Malicious PDF — malware analysis report

Static analysis result for SHA-256 a177c7954523550c…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-15 19:35:23 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: 3684e506db13f45d208afb9e2c519901
SHA-1: 51a886022b9ccc3cbd4fd7e4f477be4e5991a660
SHA-256: a177c7954523550cad7c2cbc89a4a5c41c1b7e8f15edd13ae9f8e38af2709e04
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8452

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.