Malicious PDF — malware analysis report

Static analysis result for SHA-256 def3a49ea8182034…

MALICIOUS

PDF

44.5 KB Created: 2018-11-23 21:03:33 +03:00 Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: cb7ebddf97d8d6d68863ff25f8599cf8 SHA-1: e26ab8b952e8e9c7afeb126633c6414d8d070b5a SHA-256: def3a49ea8182034b6a96b1c1118f5f23cc47a1700828896fcabcbd3bf3922d8
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external links within the document, suggesting a link farm or redirection strategy. The document body contains obfuscated text and embedded URLs, further supporting the malicious intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/progres-pour-les-enfants-mortalite-maternelle-bilan-statistique-french-edition.pdf
    • http://www.gorillawalker.com/countdown-to-death-the-silencer-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/bak-met-josh-afrikaans-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/the-mask-limited-edition-box-set.pdf
    • http://www.gorillawalker.com/do-it-now-break-the-procrastination-habit.pdf
    • http://www.gorillawalker.com/management-a-focus-on-leaders-preliminary-edition-instructor-copy.pdf
    • http://www.gorillawalker.com/engaging-performance-theatre-as-call-and-response.pdf
    • http://www.gorillawalker.com/sever-chemical-garden.pdf
    • http://www.gorillawalker.com/by-hector-berlioz-les-nuits-d-t-complete-song-cycle.pdf
    • http://www.gorillawalker.com/pillow.pdf
    • http://www.gorillawalker.com/liberty-and-the-news.pdf
    • http://www.gorillawalker.com/arkansas-classic-christmas-trivia.pdf
    • http://www.gorillawalker.com/chinese-english-dictionary-of-the-500-most-frequently-used-words.pdf
    • http://www.gorillawalker.com/the-elephant-the-tiger-and-the-cellphone-india-the-emerging.pdf
    • http://www.gorillawalker.com/the-language-rich-classroom-a-research-based-framework-for-teaching.pdf
    • http://www.gorillawalker.com/to-conquer-is-to-live-the-life-of-captain-john.pdf
    • http://www.gorillawalker.com/riches-poverty-and-the-faithful-perspectives-on-wealth-in-the.pdf
    • http://www.gorillawalker.com/creating-motion-graphics-with-after-effects-essential-and-advanced-techniques.pdf
    • http://www.gorillawalker.com/the-children-s-everyday-bible-365-bible-stories-for-children.pdf
    • http://www.gorillawalker.com/how-to-draw-buildings-and-other-structures-a-step-by.pdf
    • http://www.gorillawalker.com/funny-girl-a-novel.pdf
    • http://www.gorillawalker.com/poison-ivy-a-martha-s-vineyard-mystery.pdf
    • http://www.gorillawalker.com/eat-clean-wok-yourself-to-health-digital.pdf
    • http://www.gorillawalker.com/seductora-verdad-serie-agencia-demon-a-2-spanish-edition.pdf
    • http://www.gorillawalker.com/neurologic-clinics-tourette-syndrome.pdf
    • http://www.gorillawalker.com/by-love-possessed-silhouette-shadows.pdf
    • http://www.gorillawalker.com/the-mythology-of-work-how-capitalism-persists-despite-itself.pdf
    • http://www.gorillawalker.com/border-radio-quacks-yodelers-pitchmen-psychics-and-other-amazing-broadcasters.pdf
    • http://www.gorillawalker.com/structured-products-volume-1-exotic-options-interest-rates-and-currency.pdf
    • http://www.gorillawalker.com/physiological-plant-ecology.pdf
    • http://www.gorillawalker.com/lonely-planet-vietnam-country-travel-guide-by-iain-stewart-peter.pdf
    • http://www.gorillawalker.com/mesoamerica-olmecas-mayas-aztecas-art-book-spanish-edition.pdf
    • http://www.gorillawalker.com/i-married-a-master-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/visions-of-beauty-ii-images-of-12-figure-models.pdf
    • http://www.gorillawalker.com/guerrilla-warfare-tactics-in-urban-environments-kindle-edition.pdf
    • http://www.gorillawalker.com/webtutor-tm-on-blackboard-printed-access-card-for-whitman-johnson.pdf
    • http://www.gorillawalker.com/painting-with-acrylics.pdf
    • http://www.gorillawalker.com/memoirs-of-the-late-mrs-mary-cooper-of-london-who.pdf
    • http://www.gorillawalker.com/the-comicon-and-convention-survival-guide.pdf
    • http://www.gorillawalker.com/the-method-of-no-method-the-chan-practice-of-silent.pdf
    • http://www.gorillawalker.com/sever-chemical-garden
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.