Malicious PDF — malware analysis report

Static analysis result for SHA-256 f353e6e28c62f4e2…

Verdict: MALICIOUS
File type: PDF
Size: 44.2 KB
Created: 2018-12-15 20:07:04 +03:00
Authoring application: God (via Robotic Despoiler 1.0 for Windoze)
MD5: 02bdbb0d7415d7d6f228fd07b3013f39
SHA-1: 2c2ac7b858014942f7c06a85c56660bb0dd458cb
SHA-256: f353e6e28c62f4e2fc403d0580f48a9db5b27471c93d45edc614fb0409db3494
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs suggest a link farm or a method to distribute potentially malicious content disguised as legitimate documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.