Malicious PDF — malware analysis report

Static analysis result for SHA-256 dcf88209c2f30a79…

MALICIOUS

PDF

  • Size: 44.1 KB
  • Created: 2019-03-17 11:22:07 +03:00
  • Authoring application: Adobe Acrobat 8.13 (via Adobe Acrobat 8.13 Image Conversion Plug-in)
  • MD5: 2d7364440a742d4bea28644c9831fd3f
  • SHA-1: 78f7e129193c8f10f2f86a39064cc1b734cc4b7d
  • SHA-256: dcf88209c2f30a79889410efac4368d94d06df1632a35211d361edbe77118cd0
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document as malicious. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or SEO manipulation tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.