Malicious PDF — malware analysis report

Static analysis result for SHA-256 85f2e205691054cc…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2018-11-30 20:34:28 +03:00
Authoring application: Adobe Acrobat 8.3 Combine Files (via Adobe Acrobat 8.31 Paper Capture Plug-in)
MD5: f60678e9a7df22837d33b5c49560fe21
SHA-1: 913292a10db84534ae748e88bd3cfa0753296e15
SHA-256: 85f2e205691054cc0fc88f9f1f19502c83c1d895ef89e20533e9d61d0aed62bd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to other PDF documents hosted on the same domain, indicating a potential link farm or a distribution mechanism for further malicious content. The heuristic 'PDF_SEO_LINK_FARM' specifically calls out this behavior, suggesting a non-standard use of PDF documents for SEO manipulation or as a lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9002

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.