Malicious PDF — malware analysis report

Static analysis result for SHA-256 afb5ebf5029029f8…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2019-08-10 08:01:47 +03:00
Authoring application: - (via Foxit Phantom Printer Version 3.0.3.0804)
MD5: 161365e3f2a503519e56b81a779f1375
SHA-1: 66e6ee3b12689476e5f2c30105ccc029298b68c5
SHA-256: afb5ebf5029029f8386e99cb00399c9670777484b4817db3e7b12344a85f9846
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1566.002 Spearphishing Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8215

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.