Malicious PDF — malware analysis report

Static analysis result for SHA-256 f58416f3d25fd469…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-23 08:00:44 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Word (via Acrobat Distiller 7.0 (Windows))
MD5: 96c5362f2b3100ef83cff8547e002f0b
SHA-1: 2550fe6403e6cdd5779ad6ab9766824f6635247c
SHA-256: f58416f3d25fd469e4bbb74b6be21198aa8bdbc360443ea0d145aa4ed757fe29
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1598 Gather Victim Identity Information
  • T1204 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs pointing to external PDF files, consistent with a link farm or SEO poisoning attack. The document body was heavily obfuscated and did not provide further clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.