Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7816b682a2e2360…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-12-14 10:24:02 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Excel (via Acrobat Distiller 7.0 (Windows))
MD5: 7a70cc04428976edee59591ed1eb92f2
SHA-1: 45bbf48afb0913846ae5c284c677a7733aa94053
SHA-256: d7816b682a2e23606222b84db4649e0b2c1ae8a9004aee0399ed3ebcf8b3920f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with the first URL being http://www.gorillawalker.com/geology-geography-and-climate-of-north-dakota-study-students-today.pdf. This suggests a social engineering tactic to direct users to a large collection of potentially malicious or spam content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/geology-geography-and-climate-of-north-dakota-study-students-today.pdf