Malicious PDF — malware analysis report

Static analysis result for SHA-256 ffb8ee116534604e…

MALICIOUS

PDF

Size: 32.1 KB
Created: 2020-01-03 01:15:58 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: bb8728076b6f92a59d1e378b3d12fd6d
SHA-1: 9b18d60a2355e10ab387c40098a5d155c0595f6f
SHA-256: ffb8ee116534604edfd8d252a311ff4abbaea70c40fd2c9c4e2bfbcd8f1c7d23
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a significant number of embedded external links, characteristic of a link farm or SEO manipulation tactic. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external links, the first of which is http://www.gorillawalker.com/virginia-from-sea-to-shining-sea-second-library-binding.pdf. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/virginia-from-sea-to-shining-sea-second-library-binding.pdf