Malicious PDF — malware analysis report

Static analysis result for SHA-256 3fe2c8d1d572b86f…

MALICIOUS

PDF

  • Size: 40.3 KB
  • Created: 2018-11-23 08:00:31 +03:00
  • Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
  • MD5: c3b2a6cf9cb95d38f01d2fd92f37bced
  • SHA-1: 1e3f4a4bb67a7c6580f7ea37fb512e84e295255f
  • SHA-256: 3fe2c8d1d572b86fe93e7008825c53e31f8918a8d5f0c265e1d76c71e196bb32
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to host malicious content. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, but the sheer volume of links suggests an intent to redirect users or influence search results, which is consistent with a phishing or SEO spam attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.