Malicious PDF — malware analysis report

Static analysis result for SHA-256 e9f6898e559d284c…

Verdict: MALICIOUS
File type: PDF

Size: 42.8 KB
Created: 2018-11-23 08:04:52 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: 034749fdd80d2c9d73bdf79b28de69c9
SHA-1: 41bca2f18d1e05917660e39e8616fb9575bf7290
SHA-256: e9f6898e559d284c15392a585b14aa171edbaf9a9e252749561bec5f097eda5d
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.001 User Execution: Malicious Link

The PDF contains a large number of embedded URLs pointing to other PDF documents on a single host (www.gorillawalker.com), which triggered the PDF_SEO_LINK_FARM heuristic. That pattern is characteristic of generated SEO link-farm PDFs used to route users into malicious or unwanted-software delivery chains, rather than of a document that cites its sources. The Nyx PDF classifier (ML_NYX_PDF_MALICIOUS, score 0.9181) independently rates the file as malicious. No scripts were extracted and the document body is heavily obfuscated, so the specific lure could not be analysed further. The trailing w3.org, purl.org, ns.adobe.com and aiim.org URLs are XMP/RDF metadata namespace identifiers that appear in any XMP-tagged PDF; they are not clickable links and carry no indicator value on their own.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-spectacular-difference-selected-poems-of-zelda.pdf
    • http://www.gorillawalker.com/profile-leaders-of-the-opposition-of-saint-lucia-volume-3.pdf
    • http://www.gorillawalker.com/endometriosis-current-management-and-future-trends.pdf
    • http://www.gorillawalker.com/textbook-of-physical-diagnosis-history-and-examination-with-student-consult.pdf
    • http://www.gorillawalker.com/suddenly-shifters-volume-2-suddenly-bear-suddenly-bear-too-siren.pdf
    • http://www.gorillawalker.com/the-structures-of-the-life-world-volume-2.pdf
    • http://www.gorillawalker.com/business-process-change-second-edition-a-guide-for-business-managers.pdf
    • http://www.gorillawalker.com/landmark-visitor-guide-yorkshire-dales-landmark-visitors-guide-yorkshire-dales.pdf
    • http://www.gorillawalker.com/a-demon-in-the-desert-grimluk-demon-hunter-volume-1.pdf
    • http://www.gorillawalker.com/juicing-for-beginner-s-how-to-juice-your-way-to.pdf
    • http://www.gorillawalker.com/lone-rangers-an-english-club-s-century-in-scottish-football.pdf
    • http://www.gorillawalker.com/learnsmart-access-card-for-essentials-of-the-living-world.pdf
    • http://www.gorillawalker.com/the-politics-of-musical-identity-selected-essays-ashgate-contemporary-thinkers.pdf
    • http://www.gorillawalker.com/colour-book-of-stamp-collecting.pdf
    • http://www.gorillawalker.com/forensics-book-3-forensics-series.pdf
    • http://www.gorillawalker.com/eyewitness-plant-dk-eyewitness-books.pdf
    • http://www.gorillawalker.com/tammy-damulkurra.pdf
    • http://www.gorillawalker.com/meryl-streep-anatomy-of-an-actor.pdf
    • http://www.gorillawalker.com/la-gymnastique-gymnastics-in-action-sans-limites-sports-in-action.pdf
    • http://www.gorillawalker.com/one-kink-at-a-time-amanda-s-kinkdom-book-2.pdf
    • http://www.gorillawalker.com/bronchiectasis-my-journey-kindle-edition.pdf
    • http://www.gorillawalker.com/mosby-s-guide-to-nursing-diagnosis-3e-early-diagnosis-in.pdf
    • http://www.gorillawalker.com/yag-laser-bronchoscopy.pdf
    • http://www.gorillawalker.com/the-coloring-book-a-comedian-solves-race-relations-in-america.pdf
    • http://www.gorillawalker.com/passwords-science-vocabulary-level-a.pdf
    • http://www.gorillawalker.com/carmen-fantasy-for-two-pianos.pdf
    • http://www.gorillawalker.com/insomnios-absurdos-veintid.pdf
    • http://www.gorillawalker.com/la-cuisine-optimiste-french-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/argentina-las-grandes-estancias.pdf
    • http://www.gorillawalker.com/baahemaa-nana-wo-di-bem-kindle-edition.pdf
    • http://www.gorillawalker.com/historical-tours-gettysburg-trace-the-path-of-america-s-heritage.pdf
    • http://www.gorillawalker.com/principles-methods-and-application-of-particle-size-analysis.pdf
    • http://www.gorillawalker.com/essential-mathematics-for-political-and-social-research-analytical-methods-for.pdf
    • http://www.gorillawalker.com/bouncing-back-rewiring-your-brain-for-maximum-resilience-and-well.pdf
    • http://www.gorillawalker.com/the-hitchhiker-s-guide-to-the-oceans-crewing-around-the.pdf
    • http://www.gorillawalker.com/fungi-from-yuggoth.pdf
    • http://www.gorillawalker.com/dynamic-analyses-of-suspension-bridge-structures.pdf
    • http://www.gorillawalker.com/first-contact-terran-chronicles-universe-volume-1.pdf
    • http://www.gorillawalker.com/world-class-speaking-the-ultimate-guide-to-presenting-marketing-and.pdf
    • http://www.gorillawalker.com/polymeric-delivery-systems-properties-and-applications-acs-symposium-series.pdf
    • http://www.gorillawalker.com/business-process-change-second-edition-a-guide-for-business-manage
    XMP/RDF metadata namespace URIs (schema identifiers from the document's metadata stream, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
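The two heuristics above (PDF_SEO_LINK_FARM and EMBEDDED_URL's channel distinction) can be reproduced with the standard library. The following Python is an added example written for this page, not the analysis vendor's code: it pulls URIs out of /Link annotation /URI actions, keeps them apart from XMP namespace declarations, and applies a host-clustering score. The thresholds, the hosts farm.example and publisher.example, and the builder that assembles a stand-in PDF are all constructed for the example; the analysed sample itself is not embedded.

```python
"""Link-farm heuristic over PDF link annotations (stdlib only).

Extracts /URI action strings, separates them from XMP namespace URIs, and
scores how strongly the clickable links cluster on one host. Added example;
thresholds and sample data are assumptions, not the vendor's implementation.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# String operand of a /URI key, e.g. /A << /S /URI /URI (http://x/y.pdf) >>.
# Handles backslash-escaped characters inside the literal string.
# Limitation: objects inside FlateDecode object streams must be inflated first.
URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
# xmlns declarations inside an (uncompressed) XMP metadata stream.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def build_sample_pdf(farm_links: int, other_links: int) -> bytes:
    """Constructed stand-in for a PDF: many /Link annotations to one host plus a
    few to another, and an XMP stream. Not the analysed sample."""
    targets = [f"http://farm.example/title-{i}.pdf" for i in range(farm_links)]
    targets += [f"https://publisher.example/page-{i}.html" for i in range(other_links)]
    objs, annot_refs, num = [], [], 4
    for i, url in enumerate(targets):
        annot_refs.append(f"{num} 0 R")
        objs.append(f"{num} 0 obj << /Type /Annot /Subtype /Link /Rect [0 {i} 10 {i + 10}] "
                    f"/A << /S /URI /URI ({url}) >> >> endobj")
        num += 1
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           '<rdf:Description xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></rdf:RDF></x:xmpmeta>')
    body = "\n".join([
        "%PDF-1.4",
        f"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata {num} 0 R >> endobj",
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{' '.join(annot_refs)}] >> endobj",
        *objs,
        f"{num} 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>",
        "stream", xmp, "endstream", "endobj",
        "trailer << /Root 1 0 R >>", "%%EOF",
    ])
    return body.encode("latin-1")


def extract_link_annotation_uris(pdf: bytes) -> list[str]:
    """URIs reached through /Link annotations: the clickable channel."""
    return [m.group(1).decode("latin-1") for m in URI_LITERAL_RE.finditer(pdf)]


def extract_xmp_namespace_uris(pdf: bytes) -> list[str]:
    """Namespace URIs declared in XMP metadata. These are schema identifiers,
    not lure links, and must not count toward the link-farm score."""
    return [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf)]


def link_farm_verdict(pdf: bytes, max_size: int = 100 * 1024, min_links: int = 10,
                      min_pdf_fraction: float = 0.8, min_host_fraction: float = 0.8) -> dict:
    """Assumed thresholds: a small file whose clickable links are numerous,
    mostly *.pdf targets and mostly on one host looks like an SEO link farm."""
    links = [u for u in extract_link_annotation_uris(pdf)
             if urlparse(u).scheme in ("http", "https")]
    verdict = {"hit": False, "size": len(pdf), "links": len(links),
               "top_host": None, "top_host_fraction": 0.0, "pdf_fraction": 0.0}
    if not links or len(pdf) > max_size or len(links) < min_links:
        return verdict
    hosts = Counter(urlparse(u).netloc.lower() for u in links)
    top_host, top_count = hosts.most_common(1)[0]
    pdf_targets = sum(1 for u in links if urlparse(u).path.lower().endswith(".pdf"))
    verdict.update(top_host=top_host,
                   top_host_fraction=top_count / len(links),
                   pdf_fraction=pdf_targets / len(links))
    verdict["hit"] = (verdict["top_host_fraction"] >= min_host_fraction
                      and verdict["pdf_fraction"] >= min_pdf_fraction)
    return verdict


if __name__ == "__main__":
    # A 40-link farm on one host trips the heuristic; a normal document with a
    # handful of mixed citations does not.
    for farm, other in ((40, 1), (2, 5)):
        sample = build_sample_pdf(farm, other)
        print(farm, other, link_farm_verdict(sample))
        print("  xmp namespaces (ignored):", extract_xmp_namespace_uris(sample))
```

On a real sample, run the extractor over the decompressed object set (for example after inflating object streams with a PDF parsing library) rather than the raw bytes, otherwise annotations stored inside FlateDecode streams are missed and the link count is understated.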