Malicious PDF — malware analysis report

Static analysis result for SHA-256 b77511df86fe8ef0…

Verdict: MALICIOUS
File type: PDF
Size: 44.7 KB
Created: 2018-12-14 20:13:47 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 72c1cf04604a56acfab22cd270046e7a
SHA-1: 0912a44eec783d0f49fe5a751ab002dc9268b477
SHA-256: b77511df86fe8ef074726b8b77e487765d66bb82f01671ac36fdc47b6b1ac9b4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, many of which appear to be SEO-optimized book titles. This suggests a link farm or SEO manipulation tactic. The document body is heavily obfuscated and does not provide clear intent beyond the presence of these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.