Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1e6a6a34491c575…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-11-30 20:02:37 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: c8ec7448013e1abc7f26006955cc2bfd
SHA-1: 76d0a201fa332a9de16e56b69de80818d2723781
SHA-256: d1e6a6a34491c575e2e9e897bcf79f8e4a57c417dcdabb6963918d9dd6b43095
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. The embedded URLs point to a single domain, suggesting a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.