Malicious PDF — malware analysis report

Static analysis result for SHA-256 a901792f15672426…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-30 20:23:46 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: a28d09812d23f050a5910a830dd98f2f
SHA-1: 140237f5dd4181b1a790bdd98898b1bfcbbeb444
SHA-256: a901792f15672426b65938da166c470e363e49c2cfb0a4475155e1beb954dc19
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs all point to the same domain, suggesting a link farm or a method to distribute potentially malicious content disguised as legitimate documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.