Malicious PDF — malware analysis report

Static analysis result for SHA-256 b047ae4dab2fde5c…

Verdict: MALICIOUS
File type: PDF
Size: 44.4 KB
Created: 2018-12-02 20:18:16 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe PDF Library 5.0)
MD5: afac325546a02b70e61e2b83580dfde6
SHA-1: eae7e63233dbf9054edeb412652d00e52d85189c
SHA-256: b047ae4dab2fde5c7c94a5505322dad64c54dbb84a6e29f407ff4003999d59d2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs point to a website that appears to host a link farm of PDF documents, suggesting a potential SEO manipulation or content distribution scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.