Malicious PDF — malware analysis report

Static analysis result for SHA-256 da45f217100157ab…

Verdict: MALICIOUS
File type: PDF
Size: 43.9 KB
Created: 2018-12-15 08:11:21 +03:00
Authoring application: Adobe Acrobat 8.3 Combine Files (via Adobe Acrobat 8.31 Paper Capture Plug-in)
MD5: c41c487840701d7b481d535675d80f35
SHA-1: c06f926e73ab9cbdc2a0c1cff26a601f144919c8
SHA-256: da45f217100157ab084a94198baf92936030ad61cecc4d50db88f219fdaab085
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The document body was heavily obfuscated and unreadable, preventing a more detailed analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.