Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b7e0b6ba77da41e…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2019-03-17 11:08:58 +03:00
Authoring application: FrameMaker 8.0 (via Acrobat Distiller 10.0.1 (Windows))
MD5: 1d26d8282e1ddf8a469b2e6b5db75a02
SHA-1: 776b379abaa951be9bc736b531647b592cd3f3a2
SHA-256: 8b7e0b6ba77da41e5e3615a6db1297f9502b1d0661c642d3b09616a4d6055d51
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or redirection tactic. The document body was unreadable, but the presence of numerous URLs pointing to seemingly unrelated PDF files on the same domain indicates a likely SEO manipulation or phishing attempt to drive traffic to potentially compromised or malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8396

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.