Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8cf250d42ace35a…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-30 20:24:13 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Publisher (via Acrobat Distiller 7.0 (Windows))
MD5: 3f6fce80483fd0ce00e2d33e7188f01b
SHA-1: f0a60528d2dac9931b080f951f8120481b75d2e0
SHA-256: a8cf250d42ace35ac357339a8e088479a68f5218baeb19b9ced62d8658442ffc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute further malicious content through the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.