Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c3c7ea57faa38b1…

MALICIOUS

PDF

Size: 36.9 KB
Created: 2020-03-12 17:17:48 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: 2d5fe0267161debe0f14b90deaede807
SHA-1: 8126450e8e185b189d9d5d70cd489f1e116215ea
SHA-256: 4c3c7ea57faa38b19bb7c47cc3b26467a77f11310c9877978956c2b6499e1e1b
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to numerous other documents, potentially for SEO manipulation or to host malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8196)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.