Malicious PDF — malware analysis report

Static analysis result for SHA-256 35c88c367fc9c0ae…

MALICIOUS

PDF

Size: 33.9 KB
Created: 2020-02-08 21:02:20 +03:00
Authoring application: - (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 1b24fd37ac7dda391c66855464fb6a8b
SHA-1: 598fa1d3270da69b8c8037172fa841a851f82e26
SHA-256: 35c88c367fc9c0aeab2c57197865add7ed09ffabf4b01b0298a360ae0084c12a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link: Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, potentially for SEO manipulation or to distribute further malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-kingfisher-young-people-s-book-of-the-universe-kingfisher.pdf
    • http://www.gorillawalker.com/diccionario-biografico-de-personajes-historicos-del-siglo-xx-espanol-biographical.pdf
    • http://www.gorillawalker.com/australia-touring-atlas-a4.pdf
    • http://www.gorillawalker.com/southwest-ireland-cork-kerry-and-limerick-cadogan-guides.pdf
    • http://www.gorillawalker.com/math-jokes-4-mathy-folks.pdf
    • http://www.gorillawalker.com/preparing-for-inspection-the-second-round.pdf
    • http://www.gorillawalker.com/scotland-in-the-nineteenth-century-an-analytical-bibliography-of-material.pdf
    • http://www.gorillawalker.com/seitz-fritz-student-s-concerto-no-2-in-g-major.pdf
    • http://www.gorillawalker.com/presidential-debates.pdf
    • http://www.gorillawalker.com/the-new-commandments.pdf
    • http://www.gorillawalker.com/lookin-for-luv-a-man-s-world-series.pdf
    • http://www.gorillawalker.com/higher-order-theories-of-consciousness-an-anthology-advances-in-consciousness.pdf
    • http://www.gorillawalker.com/the-political-evolution-of-muslims-in-tamilnadu-and-madras-1930.pdf
    • http://www.gorillawalker.com/addnet-network-a-low-end-technology-success-university-of-georgia.pdf
    • http://www.gorillawalker.com/instamatics.pdf
    • http://www.gorillawalker.com/the-life-recovery-journey-inspiring-stories-and-biblical-wisdom-as.pdf
    • http://www.gorillawalker.com/confesi-n-de-un-sicario-a-sicarii-confession-spanish-edition.pdf
    • http://www.gorillawalker.com/smoke-firing-contemporary-artists-and-approaches.pdf
    • http://www.gorillawalker.com/hidden-worldviews-eight-cultural-stories-that-shape-our-lives.pdf
    • http://www.gorillawalker.com/the-treaty-of-nice.pdf
    • http://www.gorillawalker.com/clinical-manifestations-assessment-of-respiratory-disease.pdf
    • http://www.gorillawalker.com/gnss-for-vehicle-control-gnss-technology-and-applications.pdf
    • http://www.gorillawalker.com/graven-images-frame-monographs-of-contemporary-interior-architects.pdf
    • http://www.gorillawalker.com/iditarod-activites-for-the-classroom-book-1.pdf
    • http://www.gorillawalker.com/beyond-the-arab-spring-authoritarianism-democratization-in-the-arab-world.pdf
    • http://www.gorillawalker.com/highland-wedding.pdf
    • http://www.gorillawalker.com/five-guys-named-moe-vocal-selection.pdf
    • http://www.gorillawalker.com/what-s-past-is-prologue-the-personal-stories-of-women.pdf
    • http://www.gorillawalker.com/a-whisper-of-danger-treasures-of-the-heart-2-heartquest.pdf
    • http://www.gorillawalker.com/intraoperative-neurophysiological-monitoring-for-deep-brain-stimulation-principles-practice-and.pdf
    • http://www.gorillawalker.com/anatomy-for-martial-artists.pdf
    • http://www.gorillawalker.com/shadowland-blood-on-the-streets.pdf
    • http://www.gorillawalker.com/artes-de-mexico-3-la-talavera-de-puebla-talavera-pottery.pdf
    • http://www.gorillawalker.com/skymaul-2-where-america-buys-his-stuff.pdf
    • http://www.gorillawalker.com/digital-electronics-principles-and-applications-student-text-with-multisim-cd.pdf
    • http://www.gorillawalker.com/portraits-and-profiles.pdf
    • http://www.gorillawalker.com/blood-forest.pdf
    • http://www.gorillawalker.com/nonvolatile-memory-technologies-with-emphasis-on-flash-a-comprehensive-guide.pdf
    • http://www.gorillawalker.com/an-introduction-to-the-calculus-of-variations-dover-books-on.pdf
    • http://www.gorillawalker.com/german-infantry-in-action-weapons-combat-troops-no-2.pdf
    • http://www.gori
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/