Malicious PDF — malware analysis report

Static analysis result for SHA-256 38575d90879f1289…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2019-04-05 20:38:09 +03:00
Authoring application: - (via Adobe Acrobat 10.0 Paper Capture Plug-in)
MD5: 3d435d4488aafa89973d8fa482313634
SHA-1: bb565c1551745f8903a1f7cfa5af817f50d3412b
SHA-256: 38575d90879f128977caeac33542c78b209575c33180f775cd7ba9a42388ab8f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a link farm or SEO manipulation tactic. The primary heuristic identified a "PDF_SEO_LINK_FARM" with 32 external links, suggesting the document's purpose is to distribute or promote these linked resources. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.