Malicious PDF — malware analysis report

Static analysis result for SHA-256 23d0a446bf09f548…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-01-06 08:13:15 +03:00
Authoring application: PrimoPDF http://www.primopdf.com (via Nitro PDF PrimoPDF)
MD5: 16c212a766674351dd7e979dbcf8a90b
SHA-1: 050888ee9dc48430ac9fe0f7ce065409cd4beba0
SHA-256: 23d0a446bf09f548c5c9ac3fd39b8dcedf977f713c8091e880523cd85a59ae38
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous URLs, likely for SEO manipulation or to serve as a distribution point for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.