Malicious PDF — malware analysis report

Static analysis result for SHA-256 fcfd6510c4ddf902…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-26 20:03:22 +03:00
Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
MD5: 09f2d22fe2340d796913c836d69c3fb2
SHA-1: 81d0db125f903502a6eac3dc50e0c00eaeba27a7
SHA-256: fcfd6510c4ddf902e78e4775dea3d816feb854ae79627f1776d24cbf6b675548
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, but the presence of numerous links suggests a tactic to drive traffic to a website, potentially for SEO manipulation or to serve additional malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.