Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7f97ab38174dc0b…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-12-15 08:17:11 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: e05b1f92c25761510ebcb5d00a521c11
SHA-1: cb1d0f7beddcb6783b211eeeb9f68029ac87ab24
SHA-256: f7f97ab38174dc0b598e00eb848270f5e7e2d3fdf99a73a2d1345abec367667a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with a high probability. The document body is heavily obfuscated and does not provide clear textual content, but the presence of numerous links suggests a redirection or SEO abuse tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.