Malicious PDF — malware analysis report

Static analysis result for SHA-256 891132d6dbd91225…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-15 18:31:34 +03:00
Authoring application: ScanSnap Manager (via Acrobat Distiller 10.1.7 (Windows))
MD5: b4e91216e6678c4f7c31c01c1275741d
SHA-1: 267a28b5d015607cf7f950073b1429da2a9a2915
SHA-256: 891132d6dbd9122587af53c694779ea00e6240e7ee5b0ce66de4f5ee67c8f58b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, characteristic of a link farm. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external links, suggesting the document's purpose is to manipulate search engine rankings or to serve as a distribution point for other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.