Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba3c52fe94296b9f…

Verdict: MALICIOUS
File type: PDF
Size: 42.6 KB
Created: 2018-12-15 08:11:01 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: 580825274d0fc929b5f816e801f67fca
SHA-1: 076aca7d24d1c931588ccce1c82990368a385158
SHA-256: ba3c52fe94296b9fc02a21a690b3f73c2ee2a53f3968214541de4996992226ff
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and contains a large number of external links to PDF files, indicating a link farm. The document body is heavily obfuscated, preventing analysis of its direct content. The primary attack pattern observed is the mass distribution of external links, likely for SEO manipulation or to serve as a lure for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.