Malicious PDF — malware analysis report

Static analysis result for SHA-256 c0e539582e7ece12…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-23 20:55:22 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: a14cfa104ae1ccb190a9ad6ca564aae0
SHA-1: 8407470aa64061283eea0403abaa000e36e95a71
SHA-256: c0e539582e7ece12b16a869c08c089c5e6c0e3641dda5dc42f676cd3b7854637
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, a technique commonly used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.