Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbb4d9e944149ed8…

MALICIOUS

PDF

45.1 KB Created: 2018-11-14 08:20:58 +03:00 Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: af3d66eb14ffd5dd66d9fdc77c3c087f SHA-1: b355dee5bc7e6c364f922d98aed1f5ff8f9b406a SHA-256: dbb4d9e944149ed826db5d11e1fecdedac0a8210ca5bdd9a9608b6c9abb98644
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or redirect users to potentially malicious content hosted on the linked domains. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/courage-winning-lifes-tough-battles-ed-cole-classic.pdf
    • http://www.gorillawalker.com/missing-microbes-how-the-overuse-of-antibiotics-is-fueling-our.pdf
    • http://www.gorillawalker.com/the-courage-to-be.pdf
    • http://www.gorillawalker.com/vietnam-the-necessary-war-a-reinterpretation-of-america-s-most.pdf
    • http://www.gorillawalker.com/gerard-the-influence-of-jack-kerouac-s-brother-on-his.pdf
    • http://www.gorillawalker.com/god-is-fabulous.pdf
    • http://www.gorillawalker.com/frommer-s-easyguide-to-vancouver-and-victoria-easy-guides.pdf
    • http://www.gorillawalker.com/google-for-business-second-edition-how-google-s-social-network.pdf
    • http://www.gorillawalker.com/plantas-medicinales-del-siglo-xxi-spanish-edition.pdf
    • http://www.gorillawalker.com/black-white-photography-for-35mm-a-guide-to-photography-and.pdf
    • http://www.gorillawalker.com/the-message-of-the-qur-an.pdf
    • http://www.gorillawalker.com/minrs.pdf
    • http://www.gorillawalker.com/semiconductors-bonds-and-bands-iop-expanding-physics.pdf
    • http://www.gorillawalker.com/tiffany-the-tease-vol-2-kindle-edition.pdf
    • http://www.gorillawalker.com/stamitz-six-duets-op-19-for-violin-and-cello-published.pdf
    • http://www.gorillawalker.com/deep-foundations-2002-an-international-perspective-on-theory-design-construction.pdf
    • http://www.gorillawalker.com/the-cult-of-tara-magic-and-ritual-in-tibet.pdf
    • http://www.gorillawalker.com/android-fragments.pdf
    • http://www.gorillawalker.com/preventing-residential-burglary-toward-more-effective-community-programs-institute-publications.pdf
    • http://www.gorillawalker.com/luther-katholizit-t-und-reform-wurzel-wege-wirkungen-german-edition.pdf
    • http://www.gorillawalker.com/hot-pink-lightning-brodil-s-honda-330r-zips-past-competitors.pdf
    • http://www.gorillawalker.com/moral-emotions-reclaiming-the-evidence-of-the-heart-studies-in.pdf
    • http://www.gorillawalker.com/an-introduction-to-the-philosophy-of-animate-nature-editiones-scholasticae.pdf
    • http://www.gorillawalker.com/child-labor-a-world-history-companion-world-history-companions.pdf
    • http://www.gorillawalker.com/aldus-his-dream-book-an-illustrated-essay-paperback-common.pdf
    • http://www.gorillawalker.com/shrimp-raceway-aquaculture-technology-for-india.pdf
    • http://www.gorillawalker.com/the-berenstain-bears-and-the-school-scandal-sheet.pdf
    • http://www.gorillawalker.com/hollywood-bound.pdf
    • http://www.gorillawalker.com/the-origin-of-the-concept-of-nuclear-forces.pdf
    • http://www.gorillawalker.com/the-sacred-canopy-elements-of-a-sociological-theory-of-religion.pdf
    • http://www.gorillawalker.com/racing-to-justice-transforming-our-conceptions-of-self-and-other.pdf
    • http://www.gorillawalker.com/the-hedgehog-and-the-fox.pdf
    • http://www.gorillawalker.com/three-pigs-one-wolf-seven-magic-shapes-level-3-scholastic.pdf
    • http://www.gorillawalker.com/bhishma-son-of-ganga-j-a-joshi-s-mahabharat-book.pdf
    • http://www.gorillawalker.com/my-motion-offense-at-16.pdf
    • http://www.gorillawalker.com/modern-sporting-guns.pdf
    • http://www.gorillawalker.com/die-rechtsstellung-von-ausl-ndern-nach-staatlichem-recht-und-v.pdf
    • http://www.gorillawalker.com/kids-travel-journal-my-trip-to-gambia.pdf
    • http://www.gorillawalker.com/cafes-the-best-english-and-spanish-edition.pdf
    • http://www.gorillawalker.com/la-mec-nica-cu-ntica-el-universo-y-la-vida.pdf
    • http://www.gori
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.