Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe57f15aac45b88c…

Verdict: MALICIOUS
File type: PDF
Risk Score: 90

File size: 47.4 KB
Created: 2019-02-14 08:12:22 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: 3e9f69b7bdbf5773f0e0f22c1e0ff424
SHA-1: 36d32dc335f72c27b882c1907269192d954513c8
SHA-256: fe57f15aac45b88cad7722809176ae35f80ec1aae4efadf35eeb89bedb541796

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to host malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.