Malicious PDF — malware analysis report

Static analysis result for SHA-256 bddc6e9a9b75fa2f…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2018-12-28 08:09:09 +03:00
Authoring application: Adobe InDesign CC 2015 (Windows) (via Adobe PDF Library 15.0)
MD5: 192cd6cc887fb81e5a0365d0136ca944
SHA-1: 56d917293a0b03a3f434a40200de01ef7e7fb8b9
SHA-256: bddc6e9a9b75fa2fc9c65b554d2ba51ba830239b07e61c1330cdbbc3708e014f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs all point to the same domain, suggesting a link farm or a method to distribute potentially malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.