Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa7562ff238a36aa…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-12-07 18:28:43 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 5f43a83662d3b71e4c132d04960ded22
SHA-1: 0fad53354df60a5ac705bff6d4cc8d18ccfea2a4
SHA-256: fa7562ff238a36aa3135fb179e6c3707ed96ec787dacbe2a6cdb6232553fff6a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. These links, primarily to other PDF files hosted on the same domain, suggest a link farm or SEO abuse tactic. The embedded URLs are the primary indicators of malicious activity, likely serving as a distribution mechanism for further malicious content or to drive traffic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.