Malicious PDF — malware analysis report

Static analysis result for SHA-256 4d415bbd1073d25a…

MALICIOUS

PDF

Size: 31.8 KB
Created: 2020-02-08 18:22:01 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: 77123e5361f01c06a8a8ae8dd935640f
SHA-1: c07b40d84c0b6695eb315a7222d6e4958cc8dc7d
SHA-256: 4d415bbd1073d25a019f453f65860432cdbf3db3d1eda2e7e13a72f5a71c36ca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a significant number of external links, indicating a potential SEO poisoning or phishing attack. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external links, many of which are long and descriptive, suggesting an attempt to manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8447

Heuristics (2)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/traded-the-wilde-brothers-cover-reveal-coming-soon-usa-today.pdf
    • http://www.gorillawalker.com/boots-under-her-bed.pdf
    • http://www.gorillawalker.com/the-putter-s-pocket-companion.pdf
    • http://www.gorillawalker.com/denver-international-airport-lessons-learned.pdf
    • http://www.gorillawalker.com/the-reading-puzzle-spelling-grades-4-8.pdf
    • http://www.gorillawalker.com/montreal-from-a-to-z-an-alphabetical-guide-alphabet-city.pdf
    • http://www.gorillawalker.com/guitar-stories-vol-2-the-histories-of-cool-guitars-guitar.pdf
    • http://www.gorillawalker.com/paul-durand-ruel-discovering-impressionists.pdf
    • http://www.gorillawalker.com/hal-leonard-fiddle-tunes-for-ukulele.pdf
    • http://www.gorillawalker.com/assessments-for-the-science-process-skills-of-inquiry.pdf
    • http://www.gorillawalker.com/in-heaven-everything-is-fine-the-unsolved-life-of-peter.pdf
    • http://www.gorillawalker.com/basic-harmony-workbook-for-finding-the-right-pitch-ii-a.pdf
    • http://www.gorillawalker.com/molecular-dynamics-and-spectroscopy-by-stimulated-emission-pumping-advanced-series.pdf
    • http://www.gorillawalker.com/medea-hackett-classics.pdf
    • http://www.gorillawalker.com/critical-mass-transport-environment-and-society-in-the-21st-century.pdf
    • http://www.gorillawalker.com/topographical-stories-studies-in-landscape-and-architecture-penn-studies-in.pdf
    • http://www.gorillawalker.com/togden-shakya-shri-paperback.pdf
    • http://www.gorillawalker.com/breaking-the-devil.pdf
    • http://www.gorillawalker.com/two-books-on-blackjack-one-third-of-a-shoe-how.pdf
    • http://www.gorillawalker.com/awakening-to-the-dream.pdf
    • http://www.gorillawalker.com/truth-beauty-pictorialism-and-the-photograph-as-art-1845-1945.pdf
    • http://www.gorillawalker.com/amazon-fba-decoded-how-to-make-an-extra-200-per.pdf
    • http://www.gorillawalker.com/diary-of-a-wimpy-kid.pdf
    • http://www.gorillawalker.com/barrons-toefl-cd-korean-edition.pdf
    • http://www.gorillawalker.com/index-and-register-of-seashells-with-cross-references.pdf
    • http://www.gorillawalker.com/cultural-landscapes-in-the-ancient-andes-archaeologies-of-place.pdf
    • http://www.gorillawalker.com/the-himalayan-journal-1996-v-52-vol-52.pdf
    • http://www.gorillawalker.com/facing-the-modern-the-portrait-in-vienna-1900-national-gallery.pdf
    • http://www.gorillawalker.com/dark-knight-system-a-repertoire-with-1-nc6.pdf
    • http://www.gorillawalker.com/the-surrender-of-persephone.pdf
    • http://www.gorillawalker.com/football-stories-bad-boys-hard-men.pdf
    • http://www.gorillawalker.com/commodity-trader-s-almanac-2010-almanac-investor-series.pdf
    • http://www.gorillawalker.com/puszcza-zielonka-przewodnik-polish-edition.pdf
    • http://www.gorillawalker.com/seismic-stratigraphy.pdf
    • http://www.gorillawalker.com/teenage-smoking-programme.pdf
    • http://www.gorillawalker.com/art-of-dreams-2011-wall-calendar-calendar.pdf
    • http://www.gorillawalker.com/medical-office-administration-a-worktext-3e.pdf
    • http://www.gorillawalker.com/a-daughter-s-secret.pdf
    • http://www.gorillawalker.com/fish-physiology-v9b-volume-9b.pdf
    • http://www.gorillawalker.com/celtic-lore-legend.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/