Malicious PDF — malware analysis report

Static analysis result for SHA-256 b3c2cb98eea91f90…

MALICIOUS

PDF

Size: 40.9 KB
Created: 2018-11-30 21:10:19 +03:00
Authoring application: Arbortext 5.4 (via PDFlib+PDI 7.0.4 (Win32))
MD5: 33009aa81224e3b9ad9135ce88fa6399
SHA-1: 3a42bb17b47a128173e9796dbe90b50643b2a051
SHA-256: b3c2cb98eea91f9066c501e0b143d7cb70b749217e40b724c163078e289a1a1b
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

A machine learning classifier flagged the PDF sample as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm designed to redirect users. The document body is heavily obfuscated and provides no clear textual lures, but the sheer volume of links points to malicious intent, likely phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.