Malicious PDF — malware analysis report

Static analysis result for SHA-256 daf1a325891e8dfe…

MALICIOUS

PDF

41.8 KB Created: 2018-11-30 20:56:48 +03:00 Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0.5 (Windows))
MD5: 6e32e476659c2b60db2588b695f7e6c2 SHA-1: c66a318f1cfe8ab0ec814f3291aa5b9aae801832 SHA-256: daf1a325891e8dfe8ab2ddf268b0251628fa47461e162e7bc3ecc2937d65b5b9
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to serve as a distribution point for multiple malicious documents. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was unreadable, limiting further analysis of specific user-facing lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/just-for-now-escape-to-new-zealand-book-3-kindle.pdf
    • http://www.gorillawalker.com/mining-for-heavenly-gold-on-earth-how-to-center-yourself.pdf
    • http://www.gorillawalker.com/diet-health-fitness-dieting-natural-foods-budget-healthy-snacks-collection.pdf
    • http://www.gorillawalker.com/dependent-origination-kindle-edition.pdf
    • http://www.gorillawalker.com/hawaii-the-pacific-state-the-pacific-state.pdf
    • http://www.gorillawalker.com/south-africa-chic-2ed-chic-collection.pdf
    • http://www.gorillawalker.com/school-sucks.pdf
    • http://www.gorillawalker.com/they-dream-not-of-angels-but-of-men-homoeroticism-gender.pdf
    • http://www.gorillawalker.com/cases-in-management-science-business-statistics.pdf
    • http://www.gorillawalker.com/trade-promotion-strategies-business-and-government-united-the-international-business.pdf
    • http://www.gorillawalker.com/455-pistol-revolver-no-1-mk-vi-small-arms-identification.pdf
    • http://www.gorillawalker.com/prevention-and-control-of-sewer-system-overflows-3e-mop-fd.pdf
    • http://www.gorillawalker.com/introductory-topology.pdf
    • http://www.gorillawalker.com/induction-heat-treatment-of-steel.pdf
    • http://www.gorillawalker.com/working-together-organizational-transactional-analysis-and-business-performance.pdf
    • http://www.gorillawalker.com/judas-pig.pdf
    • http://www.gorillawalker.com/practical-research-planning-and-design-10th-edition.pdf
    • http://www.gorillawalker.com/stranger-music-selected-poems-and-songs.pdf
    • http://www.gorillawalker.com/the-international-design-yearbook.pdf
    • http://www.gorillawalker.com/konzert-in-h-op-104-f-r-violoncello-und-orchester.pdf
    • http://www.gorillawalker.com/mishnah-berurah-vol-3-hebrew-and-english-edition.pdf
    • http://www.gorillawalker.com/chasing-sofia-nights-in-madrid-volume-3.pdf
    • http://www.gorillawalker.com/modern-genetic-analysis-integrating-genes-and-genomes.pdf
    • http://www.gorillawalker.com/clinical-rheumatology-a-problem-oriented-approach-to-diagnosis-and-management.pdf
    • http://www.gorillawalker.com/transportation-planner-cool-stem-careers.pdf
    • http://www.gorillawalker.com/the-kundalini-yoga-experience-bringing-body-mind-and-spirit-together.pdf
    • http://www.gorillawalker.com/weapons-of-mass-destruction-illicit-trade-and-trafficking-the-library.pdf
    • http://www.gorillawalker.com/a-pilgrimage-of-trust-faith-in-action.pdf
    • http://www.gorillawalker.com/biogas-production-pretreatment-methods-in-anaerobic-digestion.pdf
    • http://www.gorillawalker.com/arlington-treasured-recipes.pdf
    • http://www.gorillawalker.com/the-hot-conflicts-cold-war.pdf
    • http://www.gorillawalker.com/owls-let-s-learn-about.pdf
    • http://www.gorillawalker.com/rigged-the-true-story-of-an-ivy-league-kid-who.pdf
    • http://www.gorillawalker.com/the-candidate.pdf
    • http://www.gorillawalker.com/suddenly-supernatural-school-spirit.pdf
    • http://www.gorillawalker.com/predictive-corrosion-and-failure-control-in-process-operations-as-applied.pdf
    • http://www.gorillawalker.com/jazz-visions-lennie-tristano-and-his-legacy-popular-music-history.pdf
    • http://www.gorillawalker.com/catacombs-a-tale-of-the-barque-cats-a-tale-of.pdf
    • http://www.gorillawalker.com/how-to-write-a-70-murder-essay-in-law-school.pdf
    • http://www.gorillawalker.com/lectures-on-the-origin-and-growth-of-religion-as-illustrated.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.