Malicious PDF — malware analysis report

Static analysis result for SHA-256 3b5913f9f2f5fd18…

MALICIOUS

PDF

Size: 34.1 KB
Created: 2019-05-24 00:42:54 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: f4074b39ecf33b6966f96ab0fe9a9b97
SHA-1: 65e88e9ed534712cb55988712218d6b1199584c3
SHA-256: 3b5913f9f2f5fd18a5e0bed761c3492a07849872d3be57502d7bfc35f3004633
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.