Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce34d8d0a06841f5…

MALICIOUS

PDF

45.2 KB
Created: 2018-12-07 18:28:22 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 86aacc6b06b5edeab48fe2010202ff43
SHA-1: f3cd98e35de0dbb8ad22669263a48f95cadce0a7
SHA-256: ce34d8d0a06841f529812dcb5bf64737cb2b17a508527cfe50f23a56521eb5b2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a distribution point for malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.