Malicious PDF — malware analysis report

Static analysis result for SHA-256 ffc4845fd00df200…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-15 20:47:18 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
MD5: f5865b87197a4bd3e76152d448bbb746
SHA-1: 065c1ed9534e843b2b13a1bcbc6ab45339cca60d
SHA-256: ffc4845fd00df200d9176c365fddabb27a3890a4938fecb2e9a8408ea7607ae3
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

A critical-severity heuristic flagged the PDF for containing a large number of external links arranged as a link farm. The ML classifier also indicated a high probability of maliciousness. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or manipulate search results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.