Malicious PDF — malware analysis report

Static analysis result for SHA-256 b0b777bdd130f318…

MALICIOUS

PDF

  • Size: 42.9 KB
  • Created: 2018-11-14 23:30:21 +03:00
  • Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
  • MD5: 326618d6a98e689f08f6995ecf66d528
  • SHA-1: 40cca4c1c8053fc8fb9d2b97e839520187aa56f5
  • SHA-256: b0b777bdd130f3185105b0621e86fd1971eb350adfc4cc0c7e8c5d951ea10422
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document is part of an SEO manipulation scheme or a link farm designed to drive traffic to potentially malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.