Malicious PDF — malware analysis report

Static analysis result for SHA-256 fb48887058df66b2…

MALICIOUS

PDF

44.0 KB
Created: 2019-02-12 19:46:45 +03:00
Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 5d0348098de2981e28a8894697980567
SHA-1: 04b69bdd15c1e5f8c3f56d4231cc2870222d450b
SHA-256: fb48887058df66b219d7838778d7052535e51cfbcdf3a3c02fb16dd9a2fe4b10
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the file with high confidence. The embedded URLs suggest a link farm or distribution mechanism, potentially for SEO manipulation or to deliver further malicious payloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.