Malicious PDF — malware analysis report

Static analysis result for SHA-256 b40c3c29593c6715…

Verdict: MALICIOUS
File type: PDF
Size: 32.9 KB
Created: 2019-09-18 17:53:53 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 0c9f2f90cf6fea3058b23957cc1dc168
SHA-1: ec98b68e517f4d413576f2c56a6a3c15ab49f148
SHA-256: b40c3c29593c6715483cd4e5289aa1d24bb2ae1cea5fe5cc431e3ab3deeab279
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.