Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc56e0a2d7080883…

Verdict: MALICIOUS
File type: PDF
Size: 42.9 KB
Created: 2018-12-28 08:08:56 +03:00
Authoring application: PFU ScanSnap Manager 4.2.14 (via Adobe PDF Scan Library 2.3)
MD5: a6ee11789d5743b381a9b16349ba084c
SHA-1: a153b97adae8beaa1eeb63f393562a0fd3e793c5
SHA-256: fc56e0a2d7080883a63c90b2eb8e34759eee490fa2a40b5728abf4075d5f5d21
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO abuse. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to external PDFs from a single domain points to a coordinated effort to distribute content or potentially malicious files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.