Malicious PDF — malware analysis report

Static analysis result for SHA-256 3337580459b5ae3f…

MALICIOUS

PDF

  • Size: 43.5 KB
  • Created: 2018-11-23 08:04:43 +03:00
  • Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
  • MD5: 6eba16915e36b315db3fc8b3156ba424
  • SHA-1: efa369058b213ea85db0919dbb44fd8c7586ab3a
  • SHA-256: 3337580459b5ae3f41afedaf437a4cdd880ec376e58227fc50668b500bf120ee
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links to other PDF documents hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs likely serve as a lure to direct users to a website that may host further malicious content or be used for SEO spam.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.