Malicious PDF — malware analysis report

Static analysis result for SHA-256 dd0d0586569a8c0d…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-14 08:38:57 +03:00
Authoring application: QuarkXPress(R) 9.0
MD5: a73a2e100288e2e12a3c92cc3752e044
SHA-1: 898ca73c357bc6ee64f0d567083441d27c780e84
SHA-256: dd0d0586569a8c0d462818bab6bfa47652c8074dc591a9cd240cb6b9671cc85c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, indicative of a link farm for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.