Malicious PDF — malware analysis report

Static analysis result for SHA-256 235527cce63fbbc8…

MALICIOUS

PDF

33.7 KB Created: 2019-11-10 05:17:47 +03:00 Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 42c36df96675602de700e53a9de019bf SHA-1: 0ae08e999f1e30c944828fe024d209bbbe1e8b5d SHA-256: 235527cce63fbbc8e37b66acfb5c55e8d97f6ae295a20579b3a22cdb761105bb
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to act as a link farm, potentially for SEO manipulation or to distribute malicious content through these links. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/dubai-creek-past-present.pdf
    • http://www.gorillawalker.com/geometry-trigonometry-algebra-3.pdf
    • http://www.gorillawalker.com/yo-yo-tricks-tips.pdf
    • http://www.gorillawalker.com/methodist-guide-to-cornwall.pdf
    • http://www.gorillawalker.com/the-new-museum-berlin-conserving-restoring-rebuilding-within-the-world.pdf
    • http://www.gorillawalker.com/government-leaders-then-and-now-my-community-then-and-now.pdf
    • http://www.gorillawalker.com/algebra-and-trigonometry-graphing-and-data-analysis.pdf
    • http://www.gorillawalker.com/souls-rescue.pdf
    • http://www.gorillawalker.com/komm-mit-activities-for-communication-level-1.pdf
    • http://www.gorillawalker.com/child-of-wonder-a-modern-christmas-drama-in-one-act.pdf
    • http://www.gorillawalker.com/marc-ferrez-robert-polidori-rio.pdf
    • http://www.gorillawalker.com/how-to-draw-children.pdf
    • http://www.gorillawalker.com/apache-mahout-essentials.pdf
    • http://www.gorillawalker.com/wake-up-calls-101-devotionals-for-sleepy-christians.pdf
    • http://www.gorillawalker.com/es-bible-low-carb.pdf
    • http://www.gorillawalker.com/picture-it-homeopathy-a-picture-based-guide-to-homeopathic-remedies.pdf
    • http://www.gorillawalker.com/healthy-habits-for-life-your-6-week-guide-to-food.pdf
    • http://www.gorillawalker.com/the-10-rules-of-rock-and-roll-collected-music-writings.pdf
    • http://www.gorillawalker.com/the-last-stand-of-the-tin-can-sailors-the-extraordinary.pdf
    • http://www.gorillawalker.com/how-to-design-surveys-survey-kit-vol-5.pdf
    • http://www.gorillawalker.com/duke-ellington-favorites-jazz-play-along-volume-88-cd-pkg.pdf
    • http://www.gorillawalker.com/le-fiabe-del-bosco-italian-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/gee-whiz-vol-03-no-22-may-1959-peek-a.pdf
    • http://www.gorillawalker.com/social-ethics-natural-law-in-the-modern-world-translated-from.pdf
    • http://www.gorillawalker.com/balinese-dance-drama-and-music-a-guide-to-the-performing.pdf
    • http://www.gorillawalker.com/puckered-moccasins-a-tale-of-old-fort-dearborn.pdf
    • http://www.gorillawalker.com/juancito-sosa-el-indio-que-cambio-la-historia-spanish-edition.pdf
    • http://www.gorillawalker.com/aeolian-harp-an-essay-concerning-the-nature-of-tone-english.pdf
    • http://www.gorillawalker.com/all-standing-the-remarkable-story-of-the-jeanie-johnston-the.pdf
    • http://www.gorillawalker.com/god-feeds-us-bible-storybook-grades-1-2-firelight.pdf
    • http://www.gorillawalker.com/loaner-lovers-the-chronicles-of-staffordshire-book-3.pdf
    • http://www.gorillawalker.com/smooth-jazz-jazz-play-along-series-volume-65.pdf
    • http://www.gorillawalker.com/the-greeks-history-culture-and-society-2nd-edition.pdf
    • http://www.gorillawalker.com/the-art-of-the-screwball-comedy-madcap-entertainment-from-the.pdf
    • http://www.gorillawalker.com/the-fog-diver.pdf
    • http://www.gorillawalker.com/osteoporosis-1.pdf
    • http://www.gorillawalker.com/republica-republic-biblioteca-de-filosofia-spanish-edition.pdf
    • http://www.gorillawalker.com/irish-map-discovery-cavan-fermanagh-leitrim-monaghan-sheet-27a-aqua3.pdf
    • http://www.gorillawalker.com/playing-with-style-violin-duets.pdf
    • http://www.gorillawalker.com/the-connaught-rangers-men-at-arms.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.