Malicious PDF — malware analysis report

Static analysis result for SHA-256 da42812998aad938…

MALICIOUS

PDF

45.2 KB
Created: 2018-12-15 20:01:34 +03:00
Authoring application: Writer (via LibreOffice 4.2)
MD5: 022a0c351a9cdb33b0ee003a1ab728ac
SHA-1: aab4252afeac38d979051e2e21c6863d8e6e6c37
SHA-256: da42812998aad938efeb446bea7e0c9d74004df62cf4e8b80d092b1d995e6ffd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high score. The document body is heavily obfuscated and offers no clear textual lure, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.