Malicious PDF — malware analysis report

Static analysis result for SHA-256 1fce18fa92ec4c70…

Verdict: MALICIOUS
File type: PDF
Size: 42.7 KB
Created: 2019-03-17 10:49:06 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 3ad64cb45caccd5612ca268fcee80b28
SHA-1: 65b983ba4572f0f5033d36a9a588138228e66fdd
SHA-256: 1fce18fa92ec4c70e2c782b8f90d7ab04f707261ed6810e4cddd923a3586fce2
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.