Malicious PDF — malware analysis report

Static analysis result for SHA-256 8a44875fb54005c9…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2019-02-14 08:13:35 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 6a2e3fc8bed247db44b7dea4c0c59ec6
SHA-1: 5549ecaf5b796492be4252c99a1d7274f5dd45dd
SHA-256: 8a44875fb54005c929bb61b9ac624d306e53a8f2733f5193f837726c2cb33212
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated, so its user-facing purpose cannot be determined directly, but the link farm strongly suggests malicious intent, likely SEO manipulation or distribution of further malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.