Malicious PDF — malware analysis report

Static analysis result for SHA-256 cdb77858e140bf5b…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-11-15 18:32:31 +03:00
Authoring application: - (via Acrobat PDFWriter 3.02 for Windows NT)
MD5: 639da71cb18682665c2fd3abd275c1fb
SHA-1: b833f6c0bd90ae4fece09cc5a5ed0739a97a87f4
SHA-256: cdb77858e140bf5b38bb680b877d235f0c56a71a9eac837cc6719645f4758baf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs suggest a link farm or distribution mechanism, likely intended to manipulate search engine results or lead users to malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.