Malicious PDF — malware analysis report

Static analysis result for SHA-256 475c9b4e82a7eec5…

MALICIOUS

PDF

Size: 47.0 KB
Created: 2019-01-06 08:24:25 +03:00
Authoring application: Acrobat 5.0 Image Conversion Plug-in for Windows
MD5: 72e33ee3c580e98e306fddc05882c074
SHA-1: 3fb2bd45dc3231d2a9a8c2b9b39714edeab18cb9
SHA-256: 475c9b4e82a7eec5d3aa62f7b338bf614d69b1df847b5a654446f8f5feb6bf7a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO spam or phishing campaign. The primary heuristic identified a link farm with 32 external PDF links, suggesting the document's purpose is to redirect users to various malicious sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.