Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8853494b71d0ff0…

Verdict: MALICIOUS
File type: PDF
Size: 43.5 KB
Created: 2018-12-15 20:00:50 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com))
MD5: d901b3598802dd747c9e28964a5fb2b4
SHA-1: 11ede4f2f545e54b2418906f1d11b375ab2d33b8
SHA-256: c8853494b71d0ff00598a51a1c10e0e6802a61288a2461c3efee7e6878e56e32
Risk Score: 98

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection scheme. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. While no scripts were extracted, the presence of numerous links and the ML classification strongly indicate a malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.