Malicious PDF — malware analysis report

Static analysis result for SHA-256 e4d5606e43b0779e…

MALICIOUS

PDF

42.4 KB Created: 2018-12-08 04:09:22 +03:00 Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 5406d55cdb546ae39c4f7d9be96f905b SHA-1: 69bfafaa63b770e38b8d089ab9a7cd982ce1e7b8 SHA-256: e4d5606e43b0779e5d04dd58ec04bfc8e8d732658b9c04f1cdc0f398330f967b
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as detected by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary purpose appears to be directing users to a multitude of external PDF documents hosted on the same domain, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/history-of-the-british-coal-industry-volume-2-1700-1830.pdf
    • http://www.gorillawalker.com/tibet-through-china.pdf
    • http://www.gorillawalker.com/battle-of-the-ironclads-we-the-people-civil-war-era.pdf
    • http://www.gorillawalker.com/images-from-the-bible-the-new-testament-pepin-picture-collections.pdf
    • http://www.gorillawalker.com/petite-messe-solennelle-for-soli-chorus-and-orchestra-choral-score.pdf
    • http://www.gorillawalker.com/the-jipijapa-hat-and-other-stories-about-growing-up-in.pdf
    • http://www.gorillawalker.com/crowdfunding-und-crowdinvesting-als-alternative-finanzierungsformen-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/jamaica-plain-real-estate-analysis-1953-1965.pdf
    • http://www.gorillawalker.com/taking-chances-in-love.pdf
    • http://www.gorillawalker.com/television-technology-demystified-a-non-technical-guide.pdf
    • http://www.gorillawalker.com/samantha-indossa-una-lente-a-contatto-e-una-benda-proprio.pdf
    • http://www.gorillawalker.com/c-s-lewis-a-life-inspired-kindle-edition.pdf
    • http://www.gorillawalker.com/de-paseo-por-la-selva-spanish-edition.pdf
    • http://www.gorillawalker.com/the-paleogene-mammals-of-china-bulletin-of-carnegie-museum-of.pdf
    • http://www.gorillawalker.com/architecture-of-minneapolis-parks-images-of-america.pdf
    • http://www.gorillawalker.com/set-theory-and-topology.pdf
    • http://www.gorillawalker.com/chilton-s-repair-and-tune-up-guide-gremlin-hornet.pdf
    • http://www.gorillawalker.com/jeremy-lin-the-incredible-rise-of-the-nba-s-most.pdf
    • http://www.gorillawalker.com/leather-braiding.pdf
    • http://www.gorillawalker.com/maite-merche-spanish-edition.pdf
    • http://www.gorillawalker.com/matrix-theory-vol-1.pdf
    • http://www.gorillawalker.com/psychological-testing-and-assessment-10th-edition.pdf
    • http://www.gorillawalker.com/britain-s-algeria-france-s-ireland.pdf
    • http://www.gorillawalker.com/the-musical-life-of-joseph-martin-kraus-letters-of-an.pdf
    • http://www.gorillawalker.com/brett-mccarthy-work-in-progress.pdf
    • http://www.gorillawalker.com/a-day-without-rules.pdf
    • http://www.gorillawalker.com/autobiography-of-hector-berlioz-volume-1-member-of-the-institute.pdf
    • http://www.gorillawalker.com/continuum-mechanics-using-mathematica-fundamentals-methods-and-applications-modeling-and.pdf
    • http://www.gorillawalker.com/david-walker-s-appeal-to-the-coloured-citizens-of-the.pdf
    • http://www.gorillawalker.com/grow-it-yourself.pdf
    • http://www.gorillawalker.com/100-things-to-do-in-new-york-city-before-you.pdf
    • http://www.gorillawalker.com/songwriting-essential-guide-to-lyric-form-and-structure-tools-and.pdf
    • http://www.gorillawalker.com/young-frederick-douglass-the-slave-who-learned-to-read.pdf
    • http://www.gorillawalker.com/crystals-rocks-and-minerals.pdf
    • http://www.gorillawalker.com/the-unknown-kurt-weill-voice-and-piano.pdf
    • http://www.gorillawalker.com/epidemiology-and-control-of-nematodiasis-in-cattle-proceedings-current-topics.pdf
    • http://www.gorillawalker.com/insurgent-identities-class-community-and-protest-in-paris-from-1848.pdf
    • http://www.gorillawalker.com/how-to-incorporate-and-start-a-business-in-minnesota.pdf
    • http://www.gorillawalker.com/changing-nature-the-immortal-descendants-volume-3.pdf
    • http://www.gorillawalker.com/to-die-no-more.pdf
    • http://www.gorillawalker.com/the-jipijapa-hat-and-other
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.