Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa8862e261e9b57a…

MALICIOUS

PDF

  • Size: 42.7 KB
  • Created: 2019-04-08 18:35:09 +03:00
  • Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
  • MD5: b2fa6478e344889dd24c2a3a5554bb76
  • SHA-1: b3c286d63714b17b3b3d46d2149666e4123d3c7a
  • SHA-256: fa8862e261e9b57aa997ac0048fca35dd888bab9c9c91ef5dace87fd24d1ba9d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. The embedded URLs suggest a link farm strategy, likely to manipulate search engine results or distribute malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.