Malicious PDF — malware analysis report

Static analysis result for SHA-256 54880c809b3e5bc1…

Verdict: MALICIOUS
Risk Score: 90
File type: PDF
Size: 43.0 KB
Created: 2018-12-15 08:10:53 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: a99b04a118fecbfd4602c6e9b2b30d12
SHA-1: e415ebd2fe2a050cf6a5f1f5d946c5785cae4f9e
SHA-256: 54880c809b3e5bc112174a5a0aa48262704c92f6f0290e900882a957a8039a23

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of 32 external links, with the first being http://www.gorillawalker.com/pathfinder-campaign-setting-irrisen-land-of-eternal-winter.pdf. This suggests the document's primary purpose is to act as a link farm, likely for SEO manipulation or to distribute malicious content. The ML classifier also flagged the PDF as malicious with a high score. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.