Malicious PDF — malware analysis report

Static analysis result for SHA-256 d701ad42e463997a…

MALICIOUS

PDF

46.0 KB
Created: 2018-11-23 08:04:45 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Adobe PDF Library 11.0)
MD5: 7d6c88194d3f06248ebadab97eb24fd5
SHA-1: 993da13e14d5150dca4875e82d58d008e1e59b74
SHA-256: d701ad42e463997a0faa32ad8f63bb85136e9eb113cc833da0bdacee4a425e1e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs point to a single domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8974)

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.