Malicious PDF — malware analysis report

Static analysis result for SHA-256 dad16ce549bedf7c…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-12-02 20:18:02 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: 4128ccb420a619eac0287848de699c1f
SHA-1: be6dfc15c813a95493ed754987a4cca2cac2aaba
SHA-256: dad16ce549bedf7c2545b6c8b31e47dff56bedac6d8aba89650a4f100db73e1f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF documents. This suggests a link farm or SEO poisoning tactic, aiming to drive traffic to a specific domain. No scripts were extracted, and the document body primarily consists of obfuscated content and URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.