Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed4d0ba5b5770833…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2019-02-12 19:46:41 +03:00
Authoring application: Adobe InDesign CS4 (6.0.4) (via Adobe PDF Library 9.0)
MD5: 9ca8033b292b6a137343ddec5c712093
SHA-1: 3a661ee3b3d4a833588c463c0655f21368293a84
SHA-256: ed4d0ba5b5770833d21d2788b19e3e4d08e84710408021e740738f7c3ce1f8de
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1598 Gather Victim Identity Information
  • T1204 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or a distribution point for potentially malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.