Malicious PDF — malware analysis report

Static analysis result for SHA-256 8216b797c8684b26…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2019-03-18 08:33:47 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: d8f0bdfad9e339e0668b952923c858bc
SHA-1: 880ad2e9e902b73d13a742f15712a9ae57997622
SHA-256: 8216b797c8684b2682f58a38698235ab6b50b7525cd8e597fcd1f880db7ab852
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm, likely to drive traffic or distribute further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.