Malicious PDF — malware analysis report

Static analysis result for SHA-256 21628a0c9237d089…

MALICIOUS

PDF

Size: 40.9 KB
Created: 2019-04-09 12:41:33 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Adobe PDF Library 9.9)
MD5: acdeab102b3eed17c34b178ad93fd243
SHA-1: 378412a1a37827f2dcdbaee49cdb26d8de0ae327
SHA-256: 21628a0c9237d089f64d846f8ce2c8199c821c9dc84dde5ea49c258ad916018e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm or distribution mechanism. The embedded URLs point to various PDF documents hosted on the same domain, indicating a coordinated effort to host or link to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.