Malicious PDF — malware analysis report

Static analysis result for SHA-256 8de5e8d2d096efa1…

MALICIOUS

PDF

Size: 41.7 KB
Created: 2019-02-14 08:11:29 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Excel (via Acrobat Distiller 7.0 (Windows))
MD5: ee8e152c169b00bba250a1da3656342a
SHA-1: 7d71d599de112a8514a28c205feed37ac1a50874
SHA-256: 8de5e8d2d096efa1115547b1180c185f1b8d4848dc591bd7006c83a936de20fa
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files, suggesting a link farm or distribution mechanism. While no scripts were extracted, the sheer volume of links and the ML classification indicate a high likelihood of malicious intent, possibly to drive traffic or serve further malicious content. The attack pattern is likely related to SEO manipulation or a phishing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.