Malicious PDF — malware analysis report

Static analysis result for SHA-256 fbb28093d8ae741c…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-30 01:49:10 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: c0fe5cfc4a46ee4483358bfb902b831a
SHA-1: f8be336215f6d754f7cda914ab22e56455616f12
SHA-256: fbb28093d8ae741cacca3377f4f350a282701967f0dbcdbf60ddb4a543e7f3ea
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, forming a link farm. The ML classifier also indicated a high probability of maliciousness. The embedded URLs, all pointing to the same domain, suggest a coordinated effort to distribute malicious content or redirect users to phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.