Malicious PDF — malware analysis report

Static analysis result for SHA-256 5da919e1c875c44b…

MALICIOUS

PDF

File size: 42.2 KB
Created: 2018-12-15 20:02:31 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 17499175f93608130c0943081f5c0212
SHA-1: e9c0cc0f8571164c26a40f25b8951bf9febd3284
SHA-256: 5da919e1c875c44bab8b7c8c5a9b278be5be19caeb4e852488812eb9d640382b
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, indicating a link farm or redirection strategy. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a website hosting numerous documents, likely as a form of SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.