Malicious PDF — malware analysis report

Static analysis result for SHA-256 39727d22f2824878…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2018-11-23 08:07:57 +03:00
Authoring application: FrameMaker 12.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 875257118cc73117b15c536db386ede3
SHA-1: aaf2e0a0d4e8c1c29a65404351c909aa8a3da067
SHA-256: 39727d22f28248784ed3faaac36e00943880ecfd715bf7a185e886e144977dee
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. It contains a significant number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to host malicious payloads. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior, indicating a likely attempt to distribute or redirect users to other malicious resources.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.