Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0914173c3e3a531…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-07 18:29:11 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: 8ee792063c3e1e2aa367bd1678688773
SHA-1: 190da71be9ac2d1c81412a5f400517ce05f93889
SHA-256: d0914173c3e3a531a2ecd56850d5993c1e77a5ba9bd8cac447cafa0e994b5933
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The document body itself is heavily obfuscated and does not provide clear user-facing text, but the presence of numerous links suggests a lure to external content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.