Malicious PDF — malware analysis report

Static analysis result for SHA-256 44017b8007e4f11d…

MALICIOUS

PDF

  • Size: 42.9 KB
  • Created: 2019-04-04 23:04:23 +03:00
  • Authoring application: Adobe Illustrator CS5.1 (via GPL Ghostscript 9.10)
  • MD5: f449e0034c87b9cf25b179e81b4c5597
  • SHA-1: 195d8bf2d0fcd390c1bc6adb0acd1e14d57ccee3
  • SHA-256: 44017b8007e4f11d4350d7d454897a204678ec4e228e1891e9bd1a45999dfe13
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm for SEO manipulation or to distribute malicious content. The ML classifier also strongly indicated maliciousness. While no scripts were extracted, the sheer volume of links points to a deceptive or malicious intent, likely to lure users to external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.