Malicious PDF — malware analysis report

Static analysis result for SHA-256 e7cf5ff6e6450a5d…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-23 08:00:26 +03:00
Authoring application: Adobe Acrobat 8.13 (via Adobe Acrobat 8.13 Image Conversion Plug-in)
MD5: ad86e5fa4be60e26a461184ed896b0dd
SHA-1: 3a2b37bf3f7b28e1bf09d65bb25f8642ac8c967e
SHA-256: e7cf5ff6e6450a5de7b77bb0c888fdeeb57a5d528387b26c16926a37540055ea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to other PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML classifier also flagged the PDF as malicious. No scripts were extracted, and the document body was not sufficiently readable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.