Malicious PDF — malware analysis report

Static analysis result for SHA-256 bcfd0be9e7834b7f…

Verdict: MALICIOUS
File type: PDF
Size: 46.1 KB
Created: 2018-12-14 20:00:54 +03:00
Authoring application: Adobe InDesign CS3 (5.0.2) (via Adobe PDF Library 8.0)
MD5: ed960a28b803a13e1b4c82cfe5b5e2d1
SHA-1: 4fac300e611601d5b740d019db7dd149ea17c595
SHA-256: bcfd0be9e7834b7f06365c082fc5b1e5fcd98848f1df81eba70b8cacf9ab3138
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a distribution mechanism for further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.