Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c5422a0e286027d…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2018-12-15 08:16:34 +03:00
Authoring application: Windows PSCRIPT (via Acrobat Distiller 3.01 for Windows)
MD5: 16b185b386da83353b4999c4eaa07b48
SHA-1: 7d2ffa732f199e7f879b46d22e4636cd14cbff46
SHA-256: 4c5422a0e286027d45820ba912ed7e98437b42ac1958437d71c021e4d6f671ea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.