Malicious PDF — malware analysis report

Static analysis result for SHA-256 b27300f8d193d09a…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2019-03-19 16:33:38 +03:00
Authoring application: FrameMaker 12.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: d6b7093f6346d61cc222d631e9a9b346
SHA-1: d7c9e7a0a75a8416567267910bdc5fc5e1e4e787
SHA-256: b27300f8d193d09ab6dce0332061a978dec74ad36b7190d305cd9efc853d2e86
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external links, with the first being http://www.gorillawalker.com/public-knowledge-private-ignorance-toward-a-library-and-information-policy.pdf. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to distribute malicious content. The ML classifier also flagged the PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.