Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6488274e5edf787…

Verdict: MALICIOUS

File type: PDF

Size: 42.5 KB
Created: 2018-12-15 21:32:01 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: a09c4ad494a24a1fbdf43647b3827ae7
SHA-1: f55f3621ab3e83ec8ef8ed32a72c700ba2227ac8
SHA-256: b6488274e5edf7876583f89c0d6d8db5e588fb432d449c735860611dc4256fc9
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF carries 40 clickable link annotations, every one pointing at a .pdf path on a single host (www.gorillawalker.com). That density of external PDF links in a 42.5 KB document is what the PDF_SEO_LINK_FARM heuristic keys on, and the ML classifier independently scored the file as malicious (0.9027). Neither heuristic points to an in-document payload (JavaScript, embedded file, exploit); the document's role is that of a generated link-farm carrier, used either for SEO manipulation or to route visitors into unwanted-software or malicious delivery chains on the linked host, so the risk lies at the link destinations rather than in the file itself. The remaining extracted URIs are XMP/RDF namespace identifiers from the metadata stream, not links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the channel that reached each URL (macro, JS, link annotation, document body, XMP metadata, ...) determines whether a user can actually be sent there. The 40 URLs below are clickable link annotations, all on one host:
    • http://www.gorillawalker.com/charting-the-divide-between-common-and-civil-law.pdf
    • http://www.gorillawalker.com/hawk-occupation-skateboarder-skate-my-friend-skate-kindle-edition.pdf
    • http://www.gorillawalker.com/file-folder-games-in-color-alphabet-10-ready-to-go.pdf
    • http://www.gorillawalker.com/left-hand-writing-skills-a-comprehensive-scheme-of-techniques-and.pdf
    • http://www.gorillawalker.com/well-traveled.pdf
    • http://www.gorillawalker.com/today-is-going-to-be-a-great-day-2015-page.pdf
    • http://www.gorillawalker.com/what-you-should-expect-from-uctd-learning-to-live-with.pdf
    • http://www.gorillawalker.com/spanish-village-cooking-recetas-del-campo.pdf
    • http://www.gorillawalker.com/boston-s-central-artery-ma-images-of-america.pdf
    • http://www.gorillawalker.com/atlas-of-functional-neuroanatomy-pap-cdr-edition-by-hendelman-m.pdf
    • http://www.gorillawalker.com/el-arbol-genealogico-spanish-edition.pdf
    • http://www.gorillawalker.com/el-ngel-ca-do-el-gremio-de-los-cazadores-1.pdf
    • http://www.gorillawalker.com/5-steps-to-a-5-500-ap-physics-1-questions.pdf
    • http://www.gorillawalker.com/radiative-transfer-in-the-atmosphere-and-ocean-cambridge-atmospheric-and.pdf
    • http://www.gorillawalker.com/made-simple-hershey-s.pdf
    • http://www.gorillawalker.com/good-night-and-god-bless-a-guide-to-convent-and.pdf
    • http://www.gorillawalker.com/enders.pdf
    • http://www.gorillawalker.com/beneath-falkland-island-waters.pdf
    • http://www.gorillawalker.com/divorce-in-ohio-a-people-s-guide-to-marriage-divorce.pdf
    • http://www.gorillawalker.com/analysis-of-essential-nuclear-reactor-materials.pdf
    • http://www.gorillawalker.com/buibm-und-gitschn-beinando-is-ka-zoig-jugend-in-osttirol.pdf
    • http://www.gorillawalker.com/hold-fast-to-dreams.pdf
    • http://www.gorillawalker.com/sweet-debbie-s-organic-treats-allergy-free-and-vegan-recipes.pdf
    • http://www.gorillawalker.com/fashion-unraveled-second-edition-how-to-start-and-manage-your.pdf
    • http://www.gorillawalker.com/the-amber-keeper-kindle-edition.pdf
    • http://www.gorillawalker.com/chase-s-calendar-of-events-1998.pdf
    • http://www.gorillawalker.com/unexpected-angel-forbidden-unexpected-angel-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/searching-for-modernity-western-influence-and-true-view-landscape-in.pdf
    • http://www.gorillawalker.com/60-minute-training-series-set-how-to-speak-up-without.pdf
    • http://www.gorillawalker.com/methaqualone-the-encyclopedia-of-psychoactive-drugs.pdf
    • http://www.gorillawalker.com/great-source-writer-s-express-student-edition-grade-4-handbook.pdf
    • http://www.gorillawalker.com/the-art-of-weathering.pdf
    • http://www.gorillawalker.com/laboratory-exercises-in-historical-geology.pdf
    • http://www.gorillawalker.com/digital-and-information-literacy-set-4.pdf
    • http://www.gorillawalker.com/utopiates.pdf
    • http://www.gorillawalker.com/sidney-stella-and-the-moon.pdf
    • http://www.gorillawalker.com/secrets-of-the-irish-landscape-the-story-of-the-irish.pdf
    • http://www.gorillawalker.com/the-tibetan-way-of-life-death-and-rebirth-the-illustrated.pdf
    • http://www.gorillawalker.com/the-rough-guide-to-cuba.pdf
    • http://www.gorillawalker.com/tales-from-the-house-of-morecock.pdf
    The nine URIs below are XMP/RDF namespace identifiers from the document's metadata stream (standard RDF, Dublin Core, Adobe XMP and PDF/A schemas), not clickable links:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
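As an added worked example (not part of the vendor's report or its detection engine), the following Python reimplements the two ideas above: pulling clickable /URI link targets out of a PDF and scoring them the way PDF_SEO_LINK_FARM does (small file, many external .pdf links, one dominant host), and showing why a naive URL grep also returns XMP namespace URIs that no user can click. The sample PDF it builds, the example.com/example.org/example.net hosts and the thresholds (256 KB, 20 links, 80% host share) are constructed assumptions, not the real sample or the vendor's tuned values.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed XMP packet: its xmlns values are URIs, but nothing in a viewer can click them.
XMP = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
       b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
       b'xmlns:dc="http://purl.org/dc/elements/1.1/" '
       b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></x:xmpmeta>')


def build_sample_pdf(urls):
    """Assemble a small, uncompressed, single-page PDF with one /Link annotation per URL.

    Constructed test input only; the real sample from the report is not reproduced here.
    """
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once the annotation object numbers are known
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(XMP)
        + XMP + b"\nendstream",
    ]
    first_annot = len(objs) + 1
    for i, url in enumerate(urls):
        y = 700 - 12 * i
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [50 %d 400 %d] "
                    b"/A << /S /URI /URI (%s) >> >>" % (y, y + 10, url.encode("ascii")))
    refs = b" ".join(b"%d 0 R" % (first_annot + i) for i in range(len(urls)))
    objs[2] = b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + refs + b"] >>"
    out, offsets = b"%PDF-1.4\n", []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_at)
    return out


# Literal-string /URI targets of URI actions; tolerates escaped parentheses inside the string.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Naive "anything that looks like a URL" grep, kept for comparison.
ANY_URL = re.compile(rb"https?://[^\s<>\"'()]+")


def extract_uri_annotations(pdf_bytes):
    """Clickable targets only. Caveat: this sees uncompressed objects and literal strings;
    objects packed into /ObjStm or FlateDecode'd streams need a real PDF parser."""
    out = []
    for m in URI_ACTION.finditer(pdf_bytes):
        raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
        out.append(raw.decode("latin-1"))
    return out


def grep_all_urls(pdf_bytes):
    """Every URL-shaped byte run, including XMP namespaces that are not links."""
    return [m.group(0).decode("latin-1") for m in ANY_URL.finditer(pdf_bytes)]


# Thresholds are assumptions for illustration, not the vendor's tuned values.
def seo_link_farm(pdf_bytes, max_size=256 * 1024, min_pdf_links=20, min_host_share=0.8):
    links = extract_uri_annotations(pdf_bytes)
    external = [u for u in links if urlparse(u).scheme in ("http", "https")]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter((urlparse(u).hostname or "").lower() for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    hit = (len(pdf_bytes) <= max_size and len(pdf_links) >= min_pdf_links
           and share >= min_host_share)
    return {"size": len(pdf_bytes), "external_links": len(external),
            "pdf_links": len(pdf_links), "top_host": top_host,
            "top_host_share": round(share, 3), "PDF_SEO_LINK_FARM": hit}


# Constructed link farm: 40 .pdf links on one host plus two ordinary links elsewhere.
SAMPLE_URLS = [f"http://www.example.com/book-title-{i:02d}.pdf" for i in range(40)]
SAMPLE_URLS += ["https://example.org/about.html", "https://example.net/contact.html"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS)

if __name__ == "__main__":
    print(seo_link_farm(SAMPLE_PDF))
    print(len(grep_all_urls(SAMPLE_PDF)), "URL-shaped strings vs",
          len(extract_uri_annotations(SAMPLE_PDF)), "clickable links")
```

On a real sample, swap the regex extractor for a parser that walks the /Annots arrays after decompressing streams and object streams (pypdf or pdfminer), since a link farm can be hidden from byte-level greps by FlateDecode; the host-share and link-count logic stays the same.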