Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c9ba131a041013c…

Verdict: MALICIOUS

File type: PDF

Size: 41.0 KB
Created: 2018-12-07 18:28:48 +03:00
Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: 9394b5166b50dda79f3155cb68ebea2e
SHA-1: fe009a0ced3b4411a7f7bb1443ce3117930f051a
SHA-256: 2c9ba131a041013c96bf81a382709ce3fe179df0c4a9c4552abf2c6062a263bf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this pattern, indicating a likely attempt to leverage link farms for malicious purposes.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9027)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.