Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3505447f6f66aff…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-11-30 20:30:16 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 062d647d86b1509b1811023282c39679
SHA-1: 5d3d5641e37d8d3675f1e3d2a697b52f0bf78179
SHA-256: e3505447f6f66affc0f75baf77a7d1265ebc703414706bb7f6cbd85d4b9083f5
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on the same domain, suggesting a link farm or a method to distribute malicious content indirectly. The ML classifier also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.