Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8211299e2acb2b1…

MALICIOUS

PDF

Size: 32.9 KB
Created: 2020-02-12 00:21:47 +03:00
Authoring application: Writer (via OpenOffice.org 2.0)
MD5: 81e43a93e09431cd4573ee553398d4af
SHA-1: dfa800789b97168790f2e5a9cd8d50844e67fdf9
SHA-256: d8211299e2acb2b12b55ffc81a1c5c414260404e7f9624620c212e670fb0e8dd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to various PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or SEO manipulation tactic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample, and the document body was heavily obfuscated and truncated, preventing a deeper analysis of its specific intent beyond the link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.