Malicious PDF — malware analysis report

Static analysis result for SHA-256 a431215cb9f21024…

MALICIOUS

PDF

42.8 KB
Created: 2018-11-23 20:58:56 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 80c5367ced5a7132c4c596950800ed44
SHA-1: 5040e0402ac4d821ba3ff3b82f9d02dca22488f8
SHA-256: a431215cb9f2102434ce660cb5c55397e024ea2840a78733bc38256b009395fa
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF documents. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.