Malicious PDF — malware analysis report

Static analysis result for SHA-256 febbd62f718e960f…

Verdict: MALICIOUS
File type: PDF
Size: 42.7 KB
Created: 2018-11-26 20:07:27 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 88cfb036765c07b4f2d59287bc851bab
SHA-1: c822e07e50762bbc6a1118404d498c1996c1cfd1
SHA-256: febbd62f718e960f519409d842ace3c898f467e185d362a7730440d180d5429e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, a pattern consistent with a link farm or SEO manipulation tactic. The primary heuristic, 'PDF_SEO_LINK_FARM', fired on 32 external links, the first being http://www.gorillawalker.com/human-anatomy-for-artists.pdf. No scripts were extracted from the file; the detection rests on the sheer volume of external links, which points towards malicious intent, possibly to distribute further malware or to route users into phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.