Malicious PDF — malware analysis report

Static analysis result for SHA-256 d76075ecbc813237…

MALICIOUS

PDF

  • Size: 43.0 KB
  • Created: 2018-12-02 10:57:01 +03:00
  • Authoring application: - (via Foxit Phantom Printer Version 3.0.3.0804)
  • MD5: 0f8ac2b1c88c26fc1c9b498ea3817958
  • SHA-1: 6cf6660cb89015e1669f2dedf6a822fa0f0b2030
  • SHA-256: d76075ecbc813237484064d06eca0ab1c8db5f5c5736c0eac54b9b51ed599cbe
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged as malicious by a machine learning classifier and contains a large number of embedded links to external PDFs. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to host a mass of external links, likely as an SEO poisoning or redirection tactic. The embedded URLs are the primary indicators of compromise, suggesting a phishing or drive-by download attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.