Malicious PDF — malware analysis report

Static analysis result for SHA-256 2ba4ac6ff44aec24…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-02-14 08:13:38 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: bb8b73057094b43fc8996526305b7b45
SHA-1: 708062b796c964a05dc55f4a0482643ee743f2b8
SHA-256: 2ba4ac6ff44aec24bde1cf07aa69bec8e287ffd9d5fcd753d45e3241b7d56190
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, potentially for SEO manipulation or to distribute further malicious content via the numerous URLs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9005

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.