Malicious PDF — malware analysis report

Static analysis result for SHA-256 31d28602ee4d81f2…

MALICIOUS

PDF

File size: 42.4 KB
Created: 2019-03-17 04:04:37 +03:00
Authoring application: - (via Acrobat Distiller 5.0 (Windows))
MD5: 6ff75a036d69e504e075ba7683333436
SHA-1: 5a065e802951f3e0e404099bcffe13d761f14328
SHA-256: 31d28602ee4d81f2f7e51627c4f0e00227d40e6b18ed3f9e9338e6a6571835be
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body contains numerous URLs, suggesting a link farm or SEO manipulation tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.