Malicious PDF — malware analysis report

Static analysis result for SHA-256 8f07f2cb03189c96…

Verdict: MALICIOUS
File type: PDF
Size: 46.6 KB
Created: 2019-04-03 18:18:42 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: bcf4f6bc04a36745b4e1d73ca145791c
SHA-1: bc01181ead9271db08ee550687adcfd59148f531
SHA-256: 8f07f2cb03189c96f5abf02b68137a84a9b7627acbe43089d4d7abf75811a0d0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also strongly indicated maliciousness. While no scripts were extracted, the sheer volume of embedded URLs points to a malicious intent, likely to redirect users to compromised or malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9147

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.