Malicious PDF — malware analysis report

Static analysis result for SHA-256 ccdead6f906afce3…

MALICIOUS

PDF

File size: 38.1 KB
Created: 2018-11-30 20:31:32 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 3938e8386b61bf8916e1341ae6ee494a
SHA-1: 0963d57ce2952c0bc80e4b8c6364520b0d77200d
SHA-256: ccdead6f906afce3061c41624a12b60870da13ea43810ac5c9f9bef3de920455
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the creation of a link farm, likely to manipulate search engine results or to distribute a large volume of potentially malicious documents from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8591

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.