Malicious PDF — malware analysis report

Static analysis result for SHA-256 ae512be7dabab89a…

MALICIOUS

PDF

  • Size: 42.5 KB
  • Created: 2018-11-30 20:19:57 +03:00
  • Authoring application: Microsoft® Office Word 2007
  • MD5: 1d3769a8ae83700b32239d39010e4710
  • SHA-1: d44d818dcff1c01454793443dea6530ab9900165
  • SHA-256: ae512be7dabab89af852df53a24c9ec7721fa7402ca96f3c42d7d123ff0729f2
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high probability. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests a non-standard purpose, likely related to SEO manipulation or distributing further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.