Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b5add03a6ed824f…

MALICIOUS

PDF

Size: 46.6 KB
Created: 2018-11-30 20:02:34 +03:00
Authoring application: SYSTEM400 Rev 16.02 (via Acrobat Distiller 4.05 for Windows, Powered by PDF Polisher Pro 5.01 420)
MD5: ae9e6713d84ab966385359f8169c239a
SHA-1: 62a1fe9c74f8cf14f83aa97058a0ccae8ff0fec8
SHA-256: 8b5add03a6ed824f6b35f4463111321f2443bb24ec900ef52e112c2d53b54199
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary function appears to be directing users to a link farm, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8263

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/a-review-of-the-andaz-hotel-in-west-hollywood-california.pdf
    • http://www.gorillawalker.com/pirates-of-the-relentless-desert-the-clouded-world-series-book.pdf
    • http://www.gorillawalker.com/cross-justice-alex-cross.pdf
    • http://www.gorillawalker.com/a-dance-to-the-music-of-time-3-books-in.pdf
    • http://www.gorillawalker.com/cambridge-latin-course-unit-1-student-s-text-north-american.pdf
    • http://www.gorillawalker.com/connecticut-ma-ri-state-slicker.pdf
    • http://www.gorillawalker.com/temperature-dependence-of-gas-properties-in-polynomial-form.pdf
    • http://www.gorillawalker.com/amst-05-advanced-manufacturing-systems-and-technology-proceedings-of-the.pdf
    • http://www.gorillawalker.com/stories-of-hope-and-spirit.pdf
    • http://www.gorillawalker.com/graph-theory-and-its-applications-east-and-west-proceedings-of.pdf
    • http://www.gorillawalker.com/nfpa-1021-standard-for-fire-officer-professional-qualifications-2014.pdf
    • http://www.gorillawalker.com/funfax-euro-2000-file.pdf
    • http://www.gorillawalker.com/rda-rats-drugs-and-assumptions.pdf
    • http://www.gorillawalker.com/destiny-s-path-2-govannon-of-the-wood.pdf
    • http://www.gorillawalker.com/okra-the-ultimate-recipe-guide.pdf
    • http://www.gorillawalker.com/indian-country-sacred-ground-native-peoples.pdf
    • http://www.gorillawalker.com/confessions-of-an-heiress-a-tongue-in-chic-peek-behind.pdf
    • http://www.gorillawalker.com/willie-mclean-and-the-civil-war-surrender-on-my-own.pdf
    • http://www.gorillawalker.com/start-run-a-landscaping-business-start-and-run-a.pdf
    • http://www.gorillawalker.com/the-all-american-barbecue-book.pdf
    • http://www.gorillawalker.com/ah-6-little-birds-torque-books-military-machines.pdf
    • http://www.gorillawalker.com/elements-of-the-theory-of-computation-2nd-edition.pdf
    • http://www.gorillawalker.com/how-to-power-tune-jaguar-xk-3-4-3-8.pdf
    • http://www.gorillawalker.com/model-based-on-normal-artificial-immune-system-and-its-applications.pdf
    • http://www.gorillawalker.com/topical-times-football-book-1997.pdf
    • http://www.gorillawalker.com/the-greatest-newspaper-dot-to-dot-puzzles-vol-6.pdf
    • http://www.gorillawalker.com/crusader-for-sex-education-elise-ottesen-jensen-1886-1973-in.pdf
    • http://www.gorillawalker.com/islet-cells-organs-vie-for-transplant-priority-endocrinology-an-article.pdf
    • http://www.gorillawalker.com/personal-justice-a-private-investigator-mystery-series-a-jake-annie.pdf
    • http://www.gorillawalker.com/the-man-who-couldn-t-stop-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/trnava-1-10-000-mapa-mesta-s-mapou-okolia-1.pdf
    • http://www.gorillawalker.com/patriotic-favorites-bb-trumpet.pdf
    • http://www.gorillawalker.com/neopoprealism-starz-21st-century-art-compendium-of-new-millennium-contemporary.pdf
    • http://www.gorillawalker.com/building-the-bonds-of-attachment-kindle-edition.pdf
    • http://www.gorillawalker.com/black-bullet-vol-1-manga-black-bullet-manga.pdf
    • http://www.gorillawalker.com/cluster-s-last-stand-on-the-ground-harpsichord-solo.pdf
    • http://www.gorillawalker.com/the-sizzlin-60s-a-decade-of-cars-in-scale-volume.pdf
    • http://www.gorillawalker.com/texes-languages-other-than-english-lote-spanish-613-secrets-study.pdf
    • http://www.gorillawalker.com/franklin-has-the-hiccups-kids-can-read.pdf
    • http://www.gorillawalker.com/contrapunteo-cubano-del-tabaco-y-el-azucar-cuban-counterpoint-of.pdf
    • http://www.gorillawalker.com/cambridge-latin-course-unit-1-student-s-text-no
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/