Malicious PDF — malware analysis report

Static analysis result for SHA-256 27b3a1a9d79c369b…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2019-02-14 08:24:19 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: e3fd68aa84f1e1b9b9275e77ff796fe3
SHA-1: 6bb1ce90e40d6fa0bd9952073c67398ffa961de7
SHA-256: 27b3a1a9d79c369b5eb13f15525c8780c9db26339b87de1897e894258305e196
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or distribution mechanism. The ML classifier also strongly indicated maliciousness. Although no scripts were extracted, the sheer volume of embedded URLs points to malicious intent, likely to redirect users to potentially harmful content or to manipulate search rankings (SEO). The document body contained obfuscated data and repeated URLs, reinforcing the link-farm hypothesis.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.