Malicious PDF — malware analysis report

Static analysis result for SHA-256 86e63a06bf0f5103…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-26 20:06:43 +03:00
Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
MD5: f377374fbcb263b1c0165ad1cb37ed8d
SHA-1: 80887fc9e3864679eddfe568ece67c84127652e3
SHA-256: 86e63a06bf0f5103e9a2d41264c0ff6fa5719633b57cf96f9bdb3da6b598ef21
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content through a large number of seemingly legitimate but externally linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.