Malicious PDF — malware analysis report

Static analysis result for SHA-256 88720f545219c053…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2019-05-31 14:17:17 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: ff77c9fe00287bc489f68a747310caf9
SHA-1: ba859a6cde40e4d8a920ac028a7cf68d39007702
SHA-256: 88720f545219c05367298079b2562b38cb6e9e3914347df1f7862d227c50bf39
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a vast collection of URLs, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.