Malicious PDF — malware analysis report

Static analysis result for SHA-256 e56acdd4e0dbb034…

MALICIOUS

PDF

44.9 KB
Created: 2019-01-06 08:29:48 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: ed403c66ab663dc42d0c58740dac9125
SHA-1: 1eb0d1757fb8f5a69bbe413ec903733e6a63dcc6
SHA-256: e56acdd4e0dbb03417678ccb5efd1f4f43ed7e05bffe3ae159f34a534c14bcd5
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links to external PDF files, indicating a link farm or a distribution mechanism. The primary attack pattern involves leveraging these links to direct users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.