Malicious PDF — malware analysis report

Static analysis result for SHA-256 89f27641650cef57…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-11-15 19:35:15 +03:00
Authoring application: - (via Acrobat Distiller 5.0.5 (Windows))
MD5: 1a87fb4d5650a769811766192592a83f
SHA-1: 6efb0403103e62319e592a0f3ca381c5607542b9
SHA-256: 89f27641650cef57c21692ce246b8580b8cea2f28b1306242b933a75cd0bd05b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or direct users to potentially malicious content hosted on external sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.