Malicious PDF — malware analysis report

Static analysis result for SHA-256 b40622a159dd2d9f…

MALICIOUS

PDF

File size: 41.8 KB
Created: 2018-12-28 08:08:58 +03:00
Authoring application: Acrobat PDFMaker 9.0 for Word (via Acrobat Distiller 9.0.0 (Windows))
MD5: c28a2d7eeeab80488698cbd65f046613
SHA-1: 2cb22060c21d916c49e806671bf4ef902227fe2d
SHA-256: b40622a159dd2d9f6419ee9fae34cb7df7a04f86562d464f5457145f8160d229
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The embedded URLs all point to the same domain, suggesting a link farm or a method to distribute potentially malicious content disguised as legitimate documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.