Malicious PDF — malware analysis report

Static analysis result for SHA-256 2dc924802bf76eb6…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-02-14 08:13:15 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: b099d202dcf263bd987ed71e4c2050f6
SHA-1: 08e5554138747173c4da962482f72f969c293a9a
SHA-256: 2dc924802bf76eb6a52f3453786c73b1e0523d0f25c3b602fe4e76e81811f949
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs pointing to external PDF files. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. The ML classifier's high score supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.