Malicious PDF — malware analysis report

Static analysis result for SHA-256 a754146f67498cfa…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-12-15 08:53:28 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 08786acd5c19dcb239b8e97f3bc6fbe9
SHA-1: 687d12cabe3c1dfcbc79b0921e283c9a9564c58b
SHA-256: a754146f67498cfa885ccf41357f470c42ea0c4c92286c7bf944344c052a4b34
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body contains numerous URLs, all pointing to the same domain, suggesting a link farm or redirection scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.