Malicious PDF — malware analysis report

Static analysis result for SHA-256 4d8847a308663499…

MALICIOUS

PDF

  • Size: 45.4 KB
  • Created: 2018-11-30 20:31:41 +03:00
  • Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
  • MD5: 7d48d24e22c51bdc00fc548455133f2e
  • SHA-1: 9c2e51aa677c1d832f520d6cfbd424f44dfbc4df
  • SHA-256: 4d8847a308663499e94b27b14ef9debb575a40cc15f49c5403ef0a519ad80d79
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to serve as a distribution point for other malicious content, rather than a direct exploit within the PDF itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.