Malicious PDF — malware analysis report

Static analysis result for SHA-256 35a70b3a23c137a2…

MALICIOUS

PDF

Size: 32.7 KB
Created: 2019-12-29 00:47:23 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.0 para Windows)
MD5: 91b46474dcfaf6fab06e182a0624dd54
SHA-1: f5edff6e7a799ec53ea0bb6082628e8d20c728d7
SHA-256: 35a70b3a23c137a26e206809691245ddd639636b2258c99ca0b15a77f2b6b27d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links detected. The ML classifier also indicated a high probability of maliciousness. The embedded URLs point to various PDF documents hosted on the same domain, suggesting a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.