Malicious PDF — malware analysis report

Static analysis result for SHA-256 553e119aeda8770f…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2019-03-17 01:36:47 +03:00
Authoring application: - (via iText 2.1.0 (by lowagie.com))
MD5: 6d39553fa26fd80eb5a9387be72cfbb3
SHA-1: 9cdc1ac2e39d1c84a989259c7243961b82048570
SHA-256: 553e119aeda8770f0139d6fceb446dc2edd6b1de59849c1de47e8a9b13b5b998
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicative of a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links suggests a potential for distributing malicious content or driving traffic to compromised sites. The attack pattern is likely related to SEO poisoning or a phishing lure disguised as legitimate content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.