Malicious PDF — malware analysis report

Static analysis result for SHA-256 30b18f14b3808906…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2019-09-18 16:33:19 +03:00
Authoring application: Microsoft Word: LaserWriter 8 8.6.5 (via Acrobat Distiller 4.0 for Macintosh)
MD5: 3c3d3deed4599c8abafec6357b962391
SHA-1: 669f82d905ef733c6bc1c0d081a7853dabc00379
SHA-256: 30b18f14b3808906fabb52422a8087b883a8c1a84ea5810cdcfd3562dd4cc363
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8529)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.