Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d5759f8746da23f…

Verdict: MALICIOUS
File type: PDF
Size: 44.4 KB
Created: 2019-03-17 10:54:58 +03:00
Authoring application: Acrobat Distiller 5.0 (Windows) (via Adobe PDF Library 9.9)
MD5: 5b371fb522cab7213efda0d4703f9a0e
SHA-1: 5dd3cb5f2a75808e4ed7a6a3366abcdbf7b7b576
SHA-256: 1d5759f8746da23f270d4705a248759bd7e72ab90efb502f9b171007c80075e2
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDFs, indicating a potential link farm or distribution mechanism for further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically calls out the mass external PDF link farm. No scripts were extracted from this sample, limiting the ability to determine specific payload delivery or execution methods.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.