Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1cbf6a787c3e6ee…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-07 18:27:59 +03:00
Authoring application: - (via ABBYY FineReader 11)
MD5: 0d557b7dcf72b9a715fbe4096d3e3395
SHA-1: 4702040b2b53e79f9900f29fb0491f441db0a15f
SHA-256: b1cbf6a787c3e6ee8d1535abad18f003b66ed35124daf0d6c96059c5e9262067
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of external links, suggesting a link farm or SEO poisoning attempt. The primary heuristic, 'PDF_SEO_LINK_FARM', reports 32 external PDF links, the first of which is http://www.gorillawalker.com/medieval-mercenaries-the-great-companies-volume-i.pdf. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links points to malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/medieval-mercenaries-the-great-companies-volume-i.pdf