Malicious PDF — malware analysis report

Static analysis result for SHA-256 387f94d26c061713…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2019-03-19 05:03:12 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: dd6339f52a0b2e9120510861606c2a3b
SHA-1: db64197ca43324cdd154734b6b26dfed77774a1a
SHA-256: 387f94d26c061713f42c5d9f6e48a1de31a7c281984686b199ae84b4d10f2e16
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a significant number of embedded URLs pointing to external PDF files hosted on the same domain, indicating a potential link farm or content distribution mechanism. The primary attack pattern appears to be SEO manipulation or the delivery of further malicious content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.