Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf22620be7e25b91…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-14 08:18:30 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: ab0c4b685e36be0d19b6f6083c2e6f31
SHA-1: 69524efe24cbf2dd6fbb98fa8052b1c2925f165f
SHA-256: cf22620be7e25b915dc1b51c741cad1ea735b7b4d10aba24c2f26bb12abe07ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external URLs, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.