Malicious PDF — malware analysis report

Static analysis result for SHA-256 bed153ead7df5158…

MALICIOUS

PDF

42.1 KB
Created: 2018-12-28 08:08:48 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: b6efea56dd78bd401ca7d0e37d1aebe8
SHA-1: 74c5479b4c7d91556603ff5b9ebda28be5ea0442
SHA-256: bed153ead7df5158fbbcac1a8772c3039de37a1fc26e72c0d0bce2fa73a956d8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or distribution mechanism. The document body was heavily obfuscated and unreadable, providing no further context. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.