Malicious PDF — malware analysis report

Static analysis result for SHA-256 b81aca70b5c26d0c…

Verdict: MALICIOUS
File type: PDF
Size: 42.5 KB
Created: 2018-11-14 08:19:41 +03:00
Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: 043c8ad47d8b793c07a0496d79ed2b2f
SHA-1: fe6bba09e45bd8fe24501780f54631836146c0f3
SHA-256: b81aca70b5c26d0c713754d0f0347c2cd96c4175e8abbbc70a303d315b85996a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various documents on the same domain, suggesting a link farm or content distribution strategy. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.