Malicious PDF — malware analysis report

Static analysis result for SHA-256 72457424bdf6b932…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-11-23 21:03:29 +03:00
Authoring application: Adobe InDesign CS2 (4.0) (via Adobe PDF Library 7.0)
MD5: 8221bc005c903e4c12862affe4dbe142
SHA-1: 1a0e36e30a4ee9c4b96fabf189ebcd6be3009e8d
SHA-256: 72457424bdf6b932f03e2e32c17fe64665abec76536f8bc56779b6107adc6b04
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a link farm, potentially for SEO manipulation or to host further malicious content, rather than direct exploitation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.