Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf8cc84770190bfa…

MALICIOUS

PDF

43.8 KB
Created: 2018-11-30 20:09:21 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: b82719c26d622f8d9ea5e0b4ec02841f
SHA-1: 3f34c95790dbf4ae5a96e2d923b825cd680271f5
SHA-256: bf8cc84770190bfa7212a6822e7af0ad524f73c53c4add07ab0fe451079715cc
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The primary attack pattern appears to be a link farm, likely intended to drive traffic or distribute further malicious content through the numerous URLs found within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.