Malicious PDF — malware analysis report

Static analysis result for SHA-256 13499b632b44bcc9…

MALICIOUS

PDF

45.2 KB
Created: 2019-03-18 06:08:38 +03:00
Authoring application: Adobe Acrobat 8.1 Combine Files (via Acrobat Distiller 8.1.0 (Windows))
MD5: a0a38b51a89b3c2d0be76179d6eda7be
SHA-1: 31f18494d557d52918a30bce69f4f0c17a968816
SHA-256: 13499b632b44bcc9058b142df2ced48e21d0a96809f63b320e75f8276dab2947
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a website hosting numerous documents, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.