Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8953cf6bf3b95b9…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2018-11-23 08:08:09 +03:00
Authoring application: Word (via Mac OS X 10.10.5 Quartz PDFContext)
MD5: 6bbf8c53bc43d96c913a28bb299b8d40
SHA-1: 0343a7e5729751681e0491818d23bcb8cc1da58d
SHA-256: c8953cf6bf3b95b9c0daa9670691f8a9c530dd6540ed46b7a265b1e6557742dc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which suggests a link farm or redirection tactic. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample. The primary attack pattern involves directing users to a multitude of external PDF documents hosted on the same domain.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8480

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.