Malicious PDF — malware analysis report

Static analysis result for SHA-256 c50f7088efadc0ff…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-07 18:27:26 +03:00
Authoring application: FrameMaker 11.0 (via Acrobat Distiller 11.0 (Windows))
MD5: bdbbd17fe1912971e8aec69b8accbdd6
SHA-1: 7b0b1c1ba9d887118c5c2a81782a4651ef0f7565
SHA-256: c50f7088efadc0fffc6da95c202cc40f0bba0c9bb58ebd335a752dfceca1b532
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

A machine learning classifier flagged the PDF file as malicious. It contains a large number of embedded URLs, which matched the 'PDF_SEO_LINK_FARM' heuristic and suggest a phishing or redirection attempt. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links points to an intent to drive traffic to external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.