Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1b69c4d431b83ff…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2019-04-04 23:18:24 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: ce57d032c40e45f85f165b12684d6675
SHA-1: 459ec844039f85a9406d2d1c1f545a3312e7998d
SHA-256: b1b69c4d431b83ff9f4159c33baac87e2f8a33e3f350d2b33d3074c72897fc2a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs suggest an attempt to redirect users to a large collection of documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8856

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.