Malicious PDF — malware analysis report

Static analysis result for SHA-256 b14aaba88fd6e99c…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-14 11:31:51 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: 9f9795c061277d3064117204b213f47e
SHA-1: 94c6c9aed1727d94e9a3c706c80b6c307bd3cccf
SHA-256: b14aaba88fd6e99c939d03da66245242bf1d2857717d0192b242e9b3ac9c0e2e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. The document body is heavily obfuscated and unreadable, but the presence of numerous links suggests malicious intent, possibly to manipulate search engine results or to distribute further malware through the linked documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.