Malicious PDF — malware analysis report

Static analysis result for SHA-256 4798745b41f9174a…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-15 08:10:17 +03:00
Authoring application: - (via Acrobat Distiller Daemon 3.0 for Solaris 2.3 and later (SPARC))
MD5: 52cd8b67eb7c9d9027d06b746253f86d
SHA-1: 5683ed087e6ade8d052d766d222ead851477b812
SHA-256: 4798745b41f9174a1e361522675bd7fa82b822f8bb03fba1e3eccfd1e153830a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute potentially malicious content via numerous PDF links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.