Malicious PDF — malware analysis report

Static analysis result for SHA-256 b21b22ed2c24b5a6…

Verdict: MALICIOUS
File type: PDF
Size: 43.0 KB
Created: 2018-11-23 20:58:41 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: c04fb5347faa0e44c345011e4a6a23e4
SHA-1: 30bb14b659ed4fb998dfc65cc1ed7aa57f7ff06d
SHA-256: b21b22ed2c24b5a6cf97948ea00d145a5b6e730e1900989ab26dc8f5b45ba166
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to various PDF documents. The ML classifier also indicated a high probability of maliciousness. The document body contains numerous embedded URLs, all pointing to external PDF files on the same domain, suggesting a link farm or SEO poisoning attack. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.