Malicious PDF — malware analysis report

Static analysis result for SHA-256 b9283968388e6ac2…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-12-15 08:53:58 +03:00
Authoring application: FrameMaker 8.0 (via Acrobat Distiller 10.0.1 (Windows))
MD5: e83ba1391d163d79eda6e6d089f6adb1
SHA-1: 533b8d71fc11736c5f0ba9dba3756ad3c0ad821c
SHA-256: b9283968388e6ac2e3609d14f18242e82f7b03179571cc2031a4bbeae0c39a53
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or hosting malicious content via a link farm, rather than direct exploitation within the PDF itself. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.