Malicious PDF — malware analysis report

Static analysis result for SHA-256 b22541b35b46a270…

MALICIOUS

PDF

43.2 KB
Created: 2018-11-30 20:56:45 +03:00
Authoring application: http://www.helpandmanual.com (via wPDF3 by WPCubed GmbH)
MD5: 8f74928739458fc73ff9231635a9375c
SHA-1: 02591df746cd6cb53d79cb3fed12d584a586be35
SHA-256: b22541b35b46a2706c272d8bd116acd1bcdeb2a41211e05312fcc9d9d57c2fc6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various topics, suggesting a broad lure strategy. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample, and the document body was truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.