Malicious PDF — malware analysis report

Static analysis result for SHA-256 23d0c1d1c2c5e047…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-12-15 08:10:49 +03:00
Authoring application: Acrobat PDFMaker 8.1 for Word (via Adobe Acrobat 8.2)
MD5: b1aafb8268ac85aefc4a48155a301ce0
SHA-1: 5ccbccd53adb1ac560978a63794d5d25cca03c4a
SHA-256: 23d0c1d1c2c5e047578c39f417cd7cb495890caf78ed567af898066374649f74
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with 32 links identified. No scripts were extracted, but the volume of links suggests an intent to direct users to potentially harmful resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.