Malicious PDF — malware analysis report

Static analysis result for SHA-256 70f612cda14ef4a9…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2019-03-17 12:30:43 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 43306a0ac80c2ed3ff3def2382adfc14
SHA-1: a5ad19ef92b06b6dcbcf79fcf607d459830a1f67
SHA-256: 70f612cda14ef4a9a0f430a867563c898b8aa8870cb04b8eb339656b743aaa3e
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a domain that hosts numerous documents, potentially for SEO spam or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.