Malicious PDF — malware analysis report

Static analysis result for SHA-256 b32e1ccfeebb9bbd…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-23 08:06:11 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: 2635205b825f6cc15ab7e49f93078ced
SHA-1: f61fdcd6066318835de9e1b34b747c68f0f249ab
SHA-256: b32e1ccfeebb9bbdef9fa5a6cb410dbedbc6cd46b215235e5cf33b3ccc67ef34
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged for containing a large number of external links, a technique often used for SEO spam or to distribute further malicious content. The ML classifier also indicated a high probability of maliciousness. Although no scripts were extracted, the sheer volume of links suggests an intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8822

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.