Malicious PDF — malware analysis report

Static analysis result for SHA-256 150b890bf54cbc21…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2019-03-16 14:01:04 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.02 Paper Capture Plug-in)
MD5: 27fb92904a2ac660c40d18f75913b943
SHA-1: 42cc0c2c0aff5ccec3d2137b7de467fb45b62b0a
SHA-256: 150b890bf54cbc217b2f303f540928227966b47e56edf1e8dc60fefe93ed4e72
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document is part of a link farm or SEO manipulation tactic, rather than a direct user-facing lure. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links points to a malicious intent to drive traffic or manipulate search rankings.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.