Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e4ea39b7aae015f…

MALICIOUS

PDF

  • Size: 43.2 KB
  • Created: 2019-02-13 19:54:15 +03:00
  • Authoring application: PDFCreator Version 0.9.8 (via GPL Ghostscript 8.64)
  • MD5: cfc70e62496e6d05418e4be148b27912
  • SHA-1: 449220a105740b9dcda851cd01e6373f7e1e9f63
  • SHA-256: 1e4ea39b7aae015faa6545bc9d9eaac57a3adbcbd46f9648403a2ffb8985066d
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a website hosting numerous PDF documents, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8859)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.