Malicious PDF — malware analysis report

Static analysis result for SHA-256 db5fa16ae450152d…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-23 08:00:22 +03:00
Authoring application: Adobe InDesign CS3 (5.0.4) (via Adobe PDF Library 8.0)
MD5: a20b4314154fcc8220c4cc06a9083124
SHA-1: 6bcc108bede47c2a3dcb145b7879f1e1b3482c03
SHA-256: db5fa16ae450152d8c191fafc23380d81cae549cded1aebf9f07fbefdfa812d1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as detected by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.