Malicious PDF — malware analysis report

Static analysis result for SHA-256 22d5c716f2100b28…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2019-04-11 16:13:51 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Mac OS X 10.8.4 Quartz PDFContext)
MD5: 3b1f94a0711b70d1d47a4947bf94ee81
SHA-1: 052d2dfd37d222f37b4442e9b69a70dd5e1752ba
SHA-256: 22d5c716f2100b28c9a573ae616e68661c60120818f27dd93c90cb31858eb4de
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.