Malicious PDF — malware analysis report

Static analysis result for SHA-256 35ee467d56fc478d…

MALICIOUS

PDF

46.5 KB
Created: 2018-11-26 20:10:10 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: ddafb776c1cdd24b9429e7d81dec9c32
SHA-1: 15f200f49de562f81c1e24426219d8a2bfdd3e50
SHA-256: 35ee467d56fc478d6372f6d3816374357c53e09073023b629f49063b397939c7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or redirection of users to further malicious content. The document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.