Malicious PDF — malware analysis report

Static analysis result for SHA-256 f038cdea1fc9cea4…

MALICIOUS

PDF

41.9 KB
Created: 2019-04-09 05:10:17 +03:00
Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
MD5: 161e7d6bb1dbba6b3931ab1cd885a948
SHA-1: 77a3242530adb02fe65b2402b723710582eb68e2
SHA-256: f038cdea1fc9cea4d4bce62b68fbcc09036e98a9fd78b97e81f11a8225e2d6a7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to various external PDFs. The ML classifier also indicated a high probability of maliciousness. The document body contains numerous URLs, all pointing to the same domain, suggesting a coordinated effort to distribute links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.