Malicious PDF — malware analysis report

Static analysis result for SHA-256 e8a276eac1e1a754…

MALICIOUS

PDF

40.6 KB
Created: 2018-12-02 10:59:36 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Word (via Acrobat Distiller 7.0 (Windows))
MD5: 8f2ec3fecceae161e8b0f07ac92cdcfd
SHA-1: 254ed424b0dc6c4fcfb65cce178752dc1a915a40
SHA-256: e8a276eac1e1a754aefa603a88167f7e854ffea8fd74d5ce6c10285f10b775bd
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external links, suggesting a tactic to manipulate search engine results or distribute content from a central domain. No scripts were extracted from this sample, and the document body was unreadable, so the rationale is based on the PDF structure and embedded URLs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.