Malicious PDF — malware analysis report

Static analysis result for SHA-256 e5d8f38cb36ef22e…

MALICIOUS

PDF

Size: 40.7 KB
Created: 2018-12-15 20:10:00 +03:00
Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 06e62c8eb6ef6cd02858373ccc84e41f
SHA-1: b91edf22c0a9b5d0da14bf3548157ddd73b41c34
SHA-256: e5d8f38cb36ef22eef323d5f79a579111c4145531a353491ab3621b49fdc71c8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by an ML classifier and contains a significant number of embedded external links, a technique often used for SEO spam or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior, indicating the document's primary purpose is to host a large collection of links. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.