Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba77839fc6c93bc5…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2019-03-17 06:59:52 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 8.1.0 (Windows))
MD5: 911b19df0b3906a459736ab504d8c003
SHA-1: a6a6449bc22d6cd720a5096c3f0b7665dcbad0ad
SHA-256: ba77839fc6c93bc5565cea1117cbc82252b9667a09b078adae0f5eeab2755a57
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern involves directing users to a website hosting numerous PDF documents, likely for SEO spam or to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.