Malicious PDF — malware analysis report

Static analysis result for SHA-256 b75e68e3a2351e97…

Verdict: MALICIOUS
File type: PDF

Size: 44.1 KB
Created: 2018-11-26 20:06:10 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 496254ff9d30f11befb118b3335cfe2c
SHA-1: 026793591c8bcda533052f7761d12cf1c820c14e
SHA-256: b75e68e3a2351e976bd36e569b7d242135aedc81f9b75570bf57dd9be6475154
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.