Malicious PDF — malware analysis report

Static analysis result for SHA-256 466fe37dd5f24d30…

MALICIOUS

PDF

Size: 38.5 KB
Created: 2019-03-17 11:37:08 +03:00
Authoring application: - (via Acrobat Distiller 4.0 for Windows)
MD5: 397ec9e442df37b15340b7dc0dc367b7
SHA-1: e5b37e50ed35a929bd5be19825521e0b37fefd35
SHA-256: 466fe37dd5f24d30eaff5378e44e679226ff3b073c517967ba20d9aabb28147c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to a website that appears to host a link farm, suggesting a potential SEO manipulation or content distribution scheme. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8702

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.