Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7b9ab4fd657424e…

MALICIOUS

PDF

Size: 40.5 KB
Created: 2018-12-07 18:27:48 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 f r Macintosh)
MD5: 17f07cfe08a3e3c058659fec5a2ac366
SHA-1: 32811464a0018bda647bd7b29453a1920ea8c752
SHA-256: f7b9ab4fd657424e4549ac7584fab83bc4df9ff0c9c512352953cb755ffeda77
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with a high probability. The document body is heavily obfuscated and unreadable, but the presence of numerous links to PDF files on the same domain suggests a link farm or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.