Malicious PDF — malware analysis report

Static analysis result for SHA-256 581ca1f6607e041d…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-14 20:01:09 +03:00
Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
MD5: 19b5451e843d2cd2bcd22c9053fbf6f3
SHA-1: 24f13cc08226e4df2e144a585a06ebd2cac77745
SHA-256: 581ca1f6607e041d8ea2b774d9195a0d1c8994e20bcd1d69f0a6a8dba8b7d5e7
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to external content, likely for SEO manipulation or to host malicious payloads. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.