Malicious PDF — malware analysis report

Static analysis result for SHA-256 a302c322824c01bf…

MALICIOUS

PDF

File size: 44.5 KB
Created: 2018-11-30 01:48:51 +03:00
Authoring application: FPDF 1.53
MD5: f5201ea3e7a6ed9f92c0f7b782551ba8
SHA-1: bf9509a758d451d621b14d72566f6ba65e1bd467
SHA-256: a302c322824c01bf30b061c0e0cd57def30e600e6c90f06e87221abc354fc4d4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links to PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The embedded URLs all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a controlled source. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9354

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.