Malicious PDF — malware analysis report

Static analysis result for SHA-256 d93cb013eb4a1ff1…

MALICIOUS

PDF

Size: 40.4 KB
Created: 2019-03-30 22:25:24 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 0b8848017b0073d1888ff29d36e4912a
SHA-1: a6a3c67882da3e6ec642a203c6f1ecb4cd9fbeb0
SHA-256: d93cb013eb4a1ff196d2808093e5ee3b95fa387df60fe97925c94618ec80272d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high probability. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly for SEO manipulation or to distribute further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.