Malicious PDF — malware analysis report

Static analysis result for SHA-256 2bf475eb0a257b28…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-12-14 05:47:28 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: c6c0fcdec06685af7efa1f8828b44825
SHA-1: b52f5356c85b09def2a82d9a4994dae02497646c
SHA-256: 2bf475eb0a257b289c959ce209d65a067718a57216c4577781b38e3d7138b61f
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a significant number of external links, indicating a potential SEO manipulation or content distribution scheme. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a link farm or a method to host and distribute further malicious content. No scripts were extracted, limiting the analysis of direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8261

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.