Malicious PDF — malware analysis report

Static analysis result for SHA-256 26e52f2ddb760912…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2019-04-30 16:27:10 +03:00
Authoring application: PageMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: dad3278c95196f71b2b9abe26f44ee6a
SHA-1: 6a6b82ed5af1c208a2a38a44eb7bbce5a70c4b3a
SHA-256: 26e52f2ddb760912b9384589c208881ebf51976b90fbc02f6dbb51bba5e6ea6c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests an attempt to drive traffic to a link farm, potentially for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.