Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6e6d95d862a53ec…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-30 20:34:15 +03:00
Authoring application: Acrobat Distiller 5.0 (Windows) (via Adobe PDF Library 9.9)
MD5: aa35ece409d6495c58b2d9ad3ec6fa05
SHA-1: c864f2af4b8e0cc7d6368ba62363a7eacf5e42e8
SHA-256: a6e6d95d862a53ecdb971c53fc9d41c9031de07b6d85da35b43852a937d9f0a1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, which indicates a link farm designed to attract traffic. The ML classifier also flagged this PDF as malicious. No scripts were extracted and the document body was unreadable, but the heuristic hits strongly suggest malicious intent to redirect users to a large collection of content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9074

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.