Malicious PDF — malware analysis report

Static analysis result for SHA-256 8f8fa31ea8f2b9f4…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-04-08 18:38:15 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 6.0.1 for Macintosh)
MD5: 9d490f57b04838e5011d23146725b1ca
SHA-1: 015b2e3ccf4f021c1c45abb7d752ab9f726cc3b5
SHA-256: 8f8fa31ea8f2b9f459e332e5eabaf3e21f1ba4592e5d0656884cf12eef579975
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or distribution mechanism. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to other PDFs on the same domain points towards a coordinated effort to host or link to malicious content, likely for SEO manipulation or to lure users to download further malware.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.