Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb812a1c755a23c5…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-15 19:34:13 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: f67e6ba52b1b4f1988353f6bb1c3957e
SHA-1: bd8f2403f1ff8fe439d736266ec29a9e30b8ef54
SHA-256: cb812a1c755a23c5195dcd8b0786a86f6a3d24a17879a583a143a7d54c0e36cd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically indicates a mass external PDF link farm. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.