Malicious PDF — malware analysis report

Static analysis result for SHA-256 3531606b016f9b1b…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-04-11 16:13:49 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: ca7ce6640d46af7cf57e3ac9bff1863a
SHA-1: d2a8fea8b88ce34680f1e891030f607d4a8c3b00
SHA-256: 3531606b016f9b1b2879f8508c4c10133a5d4110681f0bdaa994ec7a5ed86828
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged as malicious by a machine learning classifier. Static analysis revealed a large number of embedded URLs pointing to PDFs hosted on the same domain, indicating a potential link farm or SEO abuse tactic. While no scripts were extracted, the sheer volume of links suggests malicious intent to redirect users or manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.