Malicious PDF — malware analysis report

Static analysis result for SHA-256 880a9510fee04d77…

MALICIOUS

PDF

40.4 KB
Created: 2018-11-30 20:33:47 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 11.0 (Windows))
MD5: 253d2d8e43b47e1a2d1e7849b24d9602
SHA-1: 4547bf1dfcc69d027328976dcbe94c598c048925
SHA-256: 880a9510fee04d77fb03c4aa405fdd9991d0a35b071bc955ca308bdc12f176ba
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, potentially for SEO manipulation or to redirect users to malicious content hosted on the linked domains. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.