Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0e4dfc9f3ed48b2…

MALICIOUS

PDF

45.5 KB Created: 2019-03-17 12:30:45 +03:00 Authoring application: Writer (via LibreOffice 4.2)
MD5: b02a7c1dd961fedb996eb7a255ce35f8 SHA-1: db930e4129ec1646801db7145d71c5ae23e89aab SHA-256: f0e4dfc9f3ed48b2e2588a7e07efdc5fee59c1461d750e1474c478229de7ca72
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body itself is heavily obfuscated and does not provide clear user-facing text, but the presence of numerous links suggests a tactic to manipulate search engine results or to distribute further malicious content. The primary IOCs are the URLs pointing to these external PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/holt-elements-of-language-student-edition-grade-8-2007.pdf
    • http://www.gorillawalker.com/the-dao-of-taijiquan-way-to-rejuvenation-tai-chi.pdf
    • http://www.gorillawalker.com/joseph-and-the-amazing-technicolor-dreamcoat-score.pdf
    • http://www.gorillawalker.com/yao-ming-the-road-to-the-nba.pdf
    • http://www.gorillawalker.com/reading-wine-and-other-stories-and-poems-the-winners-anthology.pdf
    • http://www.gorillawalker.com/dorland-s-illustrated-medical-dictionary-30th-edition.pdf
    • http://www.gorillawalker.com/my-name-is-mitch.pdf
    • http://www.gorillawalker.com/mainframe-assembler-programming.pdf
    • http://www.gorillawalker.com/arbitration-and-dispute-resolution-law-journal-bv-1997.pdf
    • http://www.gorillawalker.com/violinschule-violin-tutor-m-thode-de-violon-heged-iskola-iv.pdf
    • http://www.gorillawalker.com/to-the-wilderness-a-memoir.pdf
    • http://www.gorillawalker.com/your-brain-on-love-the-neurobiology-of-healthy-relationships.pdf
    • http://www.gorillawalker.com/fat-girl-in-a-strange-land.pdf
    • http://www.gorillawalker.com/by-author-vocabulary-workshop-enriched-edition-2013-test-booklet-form.pdf
    • http://www.gorillawalker.com/a-guide-for-institutions-interested-in-creating-new-physician-assistant.pdf
    • http://www.gorillawalker.com/insights-on-revelation-swindoll-s-living-insights-new-testament-commentary.pdf
    • http://www.gorillawalker.com/memorial-day-let-s-celebrate-american-holidays.pdf
    • http://www.gorillawalker.com/the-rise-and-fall-of-the-third-reich-a-history.pdf
    • http://www.gorillawalker.com/multimedia-and-communications-technology.pdf
    • http://www.gorillawalker.com/the-abbess-of-andalusia-flannery-o-connor-s-spiritual-journey.pdf
    • http://www.gorillawalker.com/aerodynamics-of-the-helecopter.pdf
    • http://www.gorillawalker.com/drunk-driving-compact-research-series.pdf
    • http://www.gorillawalker.com/public-speaking-for-college-career.pdf
    • http://www.gorillawalker.com/tales-of-durga-kindle-edition.pdf
    • http://www.gorillawalker.com/call-to-battle-scrapyard-ship-book-7-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/coin-and-money-magic.pdf
    • http://www.gorillawalker.com/wish-you-were-here-an-essential-guide-to-your-favorite.pdf
    • http://www.gorillawalker.com/organizations-structures-processes-and-outcomes.pdf
    • http://www.gorillawalker.com/the-practice-of-public-relations-prac-of-public-relations-11.pdf
    • http://www.gorillawalker.com/popular-potatoes-100-easy-and-delicious-recipes.pdf
    • http://www.gorillawalker.com/oral-pathology-as-a-university-discipline-the-nature-and-relevance.pdf
    • http://www.gorillawalker.com/infertility-pipeline-review-q4-2010-download-pdf-digital.pdf
    • http://www.gorillawalker.com/dark-connections.pdf
    • http://www.gorillawalker.com/practical-hints-on-playing-the-trombone.pdf
    • http://www.gorillawalker.com/mccarran-bill-hearing-begins-mccarran-ferguson-act-exempting-insurance-companies.pdf
    • http://www.gorillawalker.com/ergodic-theory-groups-and-geometry-nsf-cbms-regional-research-conferences.pdf
    • http://www.gorillawalker.com/a-garland-of-satire-wisdom-and-history-latin-verse-from.pdf
    • http://www.gorillawalker.com/keyboard-anthology-first-series-book-iii-keyboard-anthologies-abrsm-bk.pdf
    • http://www.gorillawalker.com/video-transit-training-for-older-travelers-a-case-study-of.pdf
    • http://www.gorillawalker.com/from-manassas-to-appomattox-memoirs-of-the-civil-war-in.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.