Malicious PDF — malware analysis report

Static analysis result for SHA-256 cebe5e1fc188326d…

MALICIOUS

PDF

43.4 KB
Created: 2018-11-15 18:32:33 +03:00
Authoring application: Adobe InDesign CS2 (4.0) (via Adobe PDF Library 7.0)
MD5: cb7f19874d10358277914004d9257ec4
SHA-1: e9633809b5d1e97cb65e86e9478bb1d11f4c2b70
SHA-256: cebe5e1fc188326dcfbd5455632a9e5c465b3d20d59e7d179e56dd810156d395
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a link farm or distribution mechanism. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external links, the first of which is http://www.gorillawalker.com/as-i-said-visible-poets.pdf. No scripts were extracted from this sample, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.