Malicious PDF — malware analysis report

Static analysis result for SHA-256 2d49b69a175853ef…

Verdict: MALICIOUS
File type: PDF
Size: 45.2 KB
Created: 2019-03-18 08:28:02 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
MD5: 82fca62c8b490d603f4b59820fa60deb
SHA-1: 663050c915d2a82ae1e95dd4f102a624368ace34
SHA-256: 2d49b69a175853ef35a142013015cf2ff775734a2a31b2d25cb3adac4f7be51c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF carries a large number of clickable external links, all pointing at a single host, which triggered the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS classifier also flagged the document. The file's purpose appears to be routing readers into a link farm, either for SEO manipulation or as an entry point to further malicious or unwanted-software delivery, rather than exploiting the reader application directly. No JavaScript or other scripts were extracted from the sample, so the risk lies in what the destination host serves when a link is followed; the link targets, not the file's own content, are the actionable indicators.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external links to .pdf paths, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL labels indicate which channel (macro, JavaScript, link annotation, document body, metadata, ...) reached each URL.
    Clickable link targets (all on www.gorillawalker.com):
    • http://www.gorillawalker.com/historia-del-mundo-para-dummies-spanish-edition.pdf
    • http://www.gorillawalker.com/the-losers-club-lessons-from-the-least-likely-heroes-of.pdf
    • http://www.gorillawalker.com/merry-christmas-wish-lists-notebook-and-personal-journal-christmas-planning.pdf
    • http://www.gorillawalker.com/the-music-of-robert-cray.pdf
    • http://www.gorillawalker.com/the-prahova-valley-a-pocket-guide.pdf
    • http://www.gorillawalker.com/discover-maths-1-induction.pdf
    • http://www.gorillawalker.com/verkehrsverbot-german-edition.pdf
    • http://www.gorillawalker.com/big-brother-little-brother-the-american-influence-on-korean-culture.pdf
    • http://www.gorillawalker.com/financial-accounting-an-integrated-statements-approach.pdf
    • http://www.gorillawalker.com/san-diego-padres-101-my-first-team-board-book.pdf
    • http://www.gorillawalker.com/the-cinema-of-wim-wenders-the-celluloid-highway-directors-cuts.pdf
    • http://www.gorillawalker.com/applications-of-self-regulated-learning-across-diverse-disciplines-a-tribute.pdf
    • http://www.gorillawalker.com/rumi-a-new-translation-of-selected-poems.pdf
    • http://www.gorillawalker.com/sheet-music-oh-daddy-please-daddy-come-home-piano-vocals.pdf
    • http://www.gorillawalker.com/meritocracy-without-rising-inequality-wage-rate-differences-are-widening-by.pdf
    • http://www.gorillawalker.com/o-ye-legendary-texas-horned-frog.pdf
    • http://www.gorillawalker.com/the-blood-of-angels-divine-vampires.pdf
    • http://www.gorillawalker.com/unlocking-medical-terminology-with-cd.pdf
    • http://www.gorillawalker.com/translation-theory-and-practice-a-historical-reader.pdf
    • http://www.gorillawalker.com/financial-managerial-accounting-15th-fifteenth-edition-text-only.pdf
    • http://www.gorillawalker.com/3d-displays.pdf
    • http://www.gorillawalker.com/los-caminos-de-la-meditacion-spanish-edition.pdf
    • http://www.gorillawalker.com/insurgency-and-terrorism-from-revolution-to-apocalypse-second-edition-revised.pdf
    • http://www.gorillawalker.com/palestinian-citizens-in-an-ethnic-jewish-state-identities-in-conflict.pdf
    • http://www.gorillawalker.com/marco-polo-reisef-hrer-yucatan.pdf
    • http://www.gorillawalker.com/the-adventures-of-brer-rabbit-and-friends.pdf
    • http://www.gorillawalker.com/town-hall-square-the-sights-of-tallinn-unknown-binding.pdf
    • http://www.gorillawalker.com/the-world-according-to-blofeld-s-cat-unofficial-musings-from.pdf
    • http://www.gorillawalker.com/the-palaeontological-association-field-guide-to-fossils-plant-fossils-of.pdf
    • http://www.gorillawalker.com/wearing-gauss-s-jersey-a-k-peters-crc-press-2013.pdf
    • http://www.gorillawalker.com/argentina-chile-uruguay-paraguay-map.pdf
    • http://www.gorillawalker.com/the-presbyterian-church-in-ireland-a-popular-history.pdf
    • http://www.gorillawalker.com/the-forbidden-city.pdf
    • http://www.gorillawalker.com/the-way-alone-your-path-to-excellence-in-the-martial.pdf
    • http://www.gorillawalker.com/malta-hildebrand-s-travel-map.pdf
    • http://www.gorillawalker.com/a-beginning-greek-book-based-on-the-gospel-according-to.pdf
    • http://www.gorillawalker.com/shredding-the-composers-heavy-metal-guitar-meets-8-of-the.pdf
    • http://www.gorillawalker.com/where-the-locals-hike-in-the-west-kootenay-the-premier.pdf
    • http://www.gorillawalker.com/200-slow-cooker-recipes-hamlyn-all-color.pdf
    • http://www.gorillawalker.com/assault-from-the-sky-airborne-military-might.pdf
    Namespace URIs from the XMP metadata packet (schema identifiers, not link targets):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
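As an added example, not the scanner's own code and not part of the original report, the following Python script shows the two ideas behind the PDF_SEO_LINK_FARM and EMBEDDED_URL heuristics above: pull URLs out of a PDF by channel (clickable /URI link annotations versus xmlns namespace URIs in the XMP packet, which are schema identifiers and not something a reader can click), then apply a small-file/many-links/one-host rule to the clickable ones. The sample PDF is constructed inline by build_sample_pdf and uses the made-up host www.example-farm.test; the size, link-count and clustering thresholds are assumptions for illustration, not the real scanner's tuning. The extractors only handle plain literal strings in uncompressed objects.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Naive extractors. PDF dictionary keys may appear in any order, strings may be
# hex-encoded, and objects may sit inside compressed object streams; this handles
# only plain literal strings in uncompressed objects, which is enough for the
# constructed sample and for many generated link-farm PDFs. A production tool
# would decompress object streams first.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_.-]+\s*=\s*"([^"]*)"')


def extract_uri_annotations(data: bytes) -> list:
    """Return the literal-string target of every /URI action in the file."""
    out = []
    for m in URI_RE.finditer(data):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
        out.append(raw.decode("latin-1"))
    return out


def extract_xmp_namespaces(data: bytes) -> list:
    """Return distinct xmlns URIs from the XMP packet, in order of appearance."""
    seen = []
    for m in XMLNS_RE.finditer(data):
        ns = m.group(1).decode("latin-1")
        if ns not in seen:
            seen.append(ns)
    return seen


def classify_urls(data: bytes) -> dict:
    """Label each URL with the channel it came from, which is how an EMBEDDED_URL
    listing should be read: /URI link annotations are clickable delivery paths,
    xmlns URIs are schema identifiers that never reach a user."""
    return {"link_annotation": extract_uri_annotations(data),
            "xmp_namespace": extract_xmp_namespaces(data)}


def link_farm_verdict(data: bytes, *, max_size=200 * 1024,
                      min_links=20, min_cluster=0.8) -> dict:
    """Small file + many external /URI links + most of them on one host.
    The three thresholds are assumptions for this example only."""
    external = [u for u in extract_uri_annotations(data)
                if u.lower().startswith(("http://", "https://"))]
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in external)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    ratio = top_n / len(external) if external else 0.0
    return {
        "size": len(data),
        "external_links": len(external),
        "top_host": top_host,
        "cluster_ratio": ratio,
        "flagged": (len(data) <= max_size and len(external) >= min_links
                    and ratio >= min_cluster),
    }


def build_sample_pdf(uris) -> bytes:
    """Constructed stand-in: one /Link annotation per URI plus an XMP packet.
    Enough structure for the extractors above; not a renderable PDF."""
    annots, objs = [], []
    for i, u in enumerate(uris, start=10):
        annots.append(f"{i} 0 R")
        objs.append(f"{i} 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    f"/A << /S /URI /URI ({u}) >> >> endobj\n")
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"></rdf:RDF></x:xmpmeta>')
    body = ("%PDF-1.4\n"
            "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj\n"
            "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{' '.join(annots)}] >> endobj\n"
            + "".join(objs)
            + f"5 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
            f"stream\n{xmp}\nendstream\nendobj\n"
            "trailer << /Root 1 0 R >>\n%%EOF\n")
    return body.encode("latin-1")


if __name__ == "__main__":
    # Constructed link-farm sample: 40 links, one made-up host.
    farm = build_sample_pdf(
        [f"http://www.example-farm.test/book-{i}.pdf" for i in range(40)])
    print(link_farm_verdict(farm))
    print(classify_urls(farm)["xmp_namespace"])
```

Run against a real file, the same two calls on the file's bytes give the channel split (so the XMP namespace URIs are never mistaken for indicators) and the host clustering ratio; for this sample the ratio is 1.0, since every clickable link sits on one host.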