Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9945ec8b632c294…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-12-15 20:06:15 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 64845132bc5951764a4f30424ead45e4
SHA-1: 4e416e4534391cfc847e6cd5a9800d00ac56cc20
SHA-256: f9945ec8b632c294ef0fbe979f345282ff28bb7e67e755ec0d71d88497e8c0f5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a significant number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, pointing to external PDF documents. This suggests a tactic to inflate search engine rankings or to serve as a distribution point for other malicious files. The ML classifier also flagged the document as malicious with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.