Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ae71aaddddcfedb…

MALICIOUS

PDF

34.7 KB
Created: 2020-02-08 21:01:20 +03:00
Authoring application: - (via Acrobat Distiller Daemon 3.0 for Solaris 2.3 and later (SPARC))
MD5: a3cfc075969b31939f446db531d73679
SHA-1: df242e4aaeb339a622fae2ad54c6f4881543e466
SHA-256: 4ae71aaddddcfedb933bd31005fb5fbadd818a56a7af9b8ab7ed635ed81b6199
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.