Malicious PDF — malware analysis report

Static analysis result for SHA-256 81412f581b3d1041…

MALICIOUS

PDF

Size: 46.1 KB
Created: 2018-11-30 20:49:35 +03:00
Authoring application: AdobePS5.dll Version 5.0.1 (via Acrobat Distiller 4.0 for Windows)
MD5: d38d60daf4bd37772ddd99f15781fb69
SHA-1: 9007c46f0f053ad8a701aa00788d73a1fa8d4d64
SHA-256: 81412f581b3d10418675f534a52f4ef35c3f1fbb4ef5d76667a6b5ce49e5c2bf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to a variety of topics, suggesting a broad lure strategy. The primary attack pattern appears to be directing users to a link farm, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.