Malicious PDF — malware analysis report

Static analysis result for SHA-256 481615e5f991496c…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2019-04-10 12:10:10 +03:00
Authoring application: Adobe PageMaker 6.52 (via Acrobat Distiller 3.01 for Windows)
MD5: d96a3cb155778256c49f68ecc1b409f8
SHA-1: a1be5b3dc1b85bb53af84a84a75f3a6422caecb3
SHA-256: 481615e5f991496c3826806f081a894b4bb8545a08bb203a85ac88e9118f900a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a potential SEO poisoning or phishing attack. The embedded links point to various PDF documents hosted on the same domain, suggesting a link farm designed to manipulate search engine results or lure users to malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.