Malicious PDF — malware analysis report

Static analysis result for SHA-256 12fe7d8f75be743a…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2019-03-17 09:56:39 +03:00
Authoring application: AdobePS5.dll Version 5.0.1 (via Acrobat Distiller 4.0 for Windows)
MD5: 23999dc00d7cfe3ff1f809beae19665f
SHA-1: 9231d6ee6c6b78cb8e1650ff47ebdd9191e419a7
SHA-256: 12fe7d8f75be743a13fb2e051672ec924efe314f88c04270fcc002d6c6e46ecd
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, suggesting a link farm or SEO poisoning attempt. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a large collection of documents hosted on the same domain, likely to manipulate search engine results or distribute content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.