Malicious PDF — malware analysis report

Static analysis result for SHA-256 fbc2361a212e5142…

MALICIOUS

PDF

  • File size: 42.6 KB
  • Created: 2018-11-14 21:48:09 +03:00
  • Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
  • MD5: 8c914a1c36eb2b8ff8c5d7a3405c47d2
  • SHA-1: 53fffb967d603bbfce4d7d5ba33fb254567c9103
  • SHA-256: fbc2361a212e5142382783ac441f9ce884cc7be75d5b3f0316ab3b6e7b019c4d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution point for malicious content. The embedded URLs point to various PDF files hosted on the same domain, suggesting a coordinated effort to manipulate search engine results or distribute further payloads. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.