Malicious PDF — malware analysis report

Static analysis result for SHA-256 c086fa86bfb9b045…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2018-12-28 08:08:50 +03:00
Authoring application: - (via Acrobat Distiller 10.1.10 (Windows))
MD5: 546214062745cb80421a6ef252035df0
SHA-1: b8a65517c95d519d3e55f2653de85e3395486b92
SHA-256: c086fa86bfb9b0456c054355255f8edbdf1b158f057e1b0e0a3d9b82a06a3c52
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or redirection mechanism. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links points towards a social engineering attack, likely phishing or malware distribution, using the linked content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.