Malicious PDF — malware analysis report

Static analysis result for SHA-256 beaf4c7625937945…

MALICIOUS

PDF

Size: 31.6 KB
Created: 2019-07-13 04:34:22 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0 (Windows))
MD5: 3aae54d156939dabe476e4fae0edc540
SHA-1: 0e7727f01f04f4c188490074684e088624bd3ae2
SHA-256: beaf4c7625937945e87555c5bddf6fef3295f2943ea2e6d304e9d7340ae74349
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A heuristic fired on the large number of external PDF links in this document, which suggests a link farm. The ML classifier also flagged the document as malicious. The embedded URLs point to a single domain, indicating a coordinated effort to redirect users. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.