Malicious PDF — malware analysis report

Static analysis result for SHA-256 e87b438d24c9415e…

MALICIOUS

PDF

Size: 41.2 KB
Created: 2018-11-26 20:05:52 +03:00
Authoring application: Arbortext 5.4 (via PDFlib+PDI 7.0.4 (Win32))
MD5: acb0fbdae1a34d8b34c325226144e8ba
SHA-1: 16c8147ef8d2539226f9e95049d97753cc2a37d6
SHA-256: e87b438d24c9415e66093ca2569e2802a9cd0fdf667722b6b26565be164e9244
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to route readers to further malicious content. The 'PDF_SEO_LINK_FARM' heuristic specifically indicates a mass of external PDF links; the first identified URL is http://www.gorillawalker.com/the-creative-soul-art-and-the-quest-for-wholeness.pdf. This suggests the document's primary purpose is to act as a lure or a distribution point for other malicious resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.