Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6dfd2a4e16b29a3…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-12-02 10:58:19 +03:00
Authoring application: Adobe Acrobat 10.1 (via Adobe Acrobat 10.1 Paper Capture Plug-in)
MD5: 7182322481cc33c3fc7f1b6ed7061a1b
SHA-1: 1e3c174a45e1c3f21866c6ac2bc08a3c37578d5c
SHA-256: b6dfd2a4e16b29a333646be6b619b2465284c384ba76b2e8f3c590dfd5d55b07
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly SEO spam or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.