Malicious PDF — malware analysis report

Static analysis result for SHA-256 c7d050b27b1e529a…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2018-11-14 08:15:31 +03:00
Authoring application: FineReader (via -)
MD5: 370d421a372f85d66e29044bafdcdd9d
SHA-1: 26793718a1bde6f7a344319787e3f03fccd970b6
SHA-256: c7d050b27b1e529adf66c6ad1a87720b6e6add62d3439141d8ed1339c0acb78e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external resources, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly to redirect users to phishing sites or to distribute further malware. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.