Malicious PDF — malware analysis report

Static analysis result for SHA-256 b9f88c7670054e65…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-12-14 10:24:12 +03:00
Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: b1884202daeac26f25e880bc6016c7ac
SHA-1: 746329e504862efa8b47fab048fe3fc291963c4c
SHA-256: b9f88c7670054e65f9784bcee0f7f527eb6ff871a7a2d2463acd9330cbf0287e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, through a seemingly innocuous PDF. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.