Malicious PDF — malware analysis report

Static analysis result for SHA-256 f71cb8620ee77c9f…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-11-14 11:32:07 +03:00
Authoring application: Word (via Mac OS X 10.7.5 Quartz PDFContext)
MD5: 9e50a7a7d36b260b14104861d3cad5e9
SHA-1: 0e67a087f88bb375c26b61a17e02f25c40863216
SHA-256: f71cb8620ee77c9f83846d85d582cb7c049ff383f3914424cc64592bad2e631e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the file as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8640

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.