Malicious PDF — malware analysis report

Static analysis result for SHA-256 def9173346600637…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2018-11-15 19:35:55 +03:00
Authoring application: PDF CoDe 2015.5473 (c) 2002-2015 European Commission
MD5: ff6e76694cd1ab688e2549e2f9126690
SHA-1: 95c69b3b61d1badb005f6f084324781820895acf
SHA-256: def9173346600637eb9bcdac2763563559050706552a5aeed973e4db0a7bc289
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs point to a single domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a central location. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.