Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf47eba19a6c3d00…

MALICIOUS

PDF

File size: 33.4 KB
Created: 2020-03-26 17:12:26 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 6.0.1 for Macintosh)
MD5: cc4ca257a10b38f751475f74ee1d1947
SHA-1: e84080da2ed2d0254b89f5478f7e7b773d436e86
SHA-256: cf47eba19a6c3d0009c1f5185af71336377e4172fd7cac8f9e025b7c8f02084a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.