Malicious PDF — malware analysis report

Static analysis result for SHA-256 dda7320b5eaf27cf…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2018-12-15 08:52:40 +03:00
Authoring application: Arbortext 5.4 (via PDFlib+PDI 7.0.4 (Win32))
MD5: 42d4200f0c1b844293e11d9e9099bdbf
SHA-1: 62ead19777816c4a82ddb39e7a6c8ed18f0ece76
SHA-256: dda7320b5eaf27cf107d2ef4bc265e4a335dbe3bfbcf3152f3a9f072ed5c58c6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content. The document body was unreadable and provided no additional context.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.