Malicious PDF — malware analysis report

Static analysis result for SHA-256 274f1ef4858e9f7e…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2019-01-06 08:09:45 +03:00
Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
MD5: 8f5f87bac05a47474995a1beeb38e79a
SHA-1: 8424eb13c42700d9a753d55af22170db2622105b
SHA-256: 274f1ef4858e9f7e20fc3fb7aba344122e85f7fd519a0e90ca153c25e150f603
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a potential SEO spam or content distribution scheme. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external links, suggesting the document's purpose is to drive traffic or distribute other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.