Malicious PDF — malware analysis report

Static analysis result for SHA-256 398517e222333ac7…

MALICIOUS

PDF

  • Size: 43.4 KB
  • Created: 2018-11-30 20:08:58 +03:00
  • Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0 (Windows))
  • MD5: 041a7d128d29c80cf253d27f191b34e9
  • SHA-1: 4ec3fdfc29ea86f6530579e7b5c6d896fbc7c3f7
  • SHA-256: 398517e222333ac759d6c655036f48257d566213961439f9dc641a6a1effa067
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm or SEO abuse. The embedded URLs point to various PDF documents on the same domain, indicating a coordinated effort to distribute content or manipulate search rankings. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.