Malicious PDF — malware analysis report

Static analysis result for SHA-256 90325d4ce14373ec…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-11-23 21:00:54 +03:00
Authoring application: AH XSL Formatter V6.1 MR1 for Linux64 : 6.1.6.12100 (via Antenna House PDF Output Library 6.1.420 (Linux64); modified using iText 2.1.7 by 1T3XT)
MD5: 7a643e85242b89431ae709db20911c75
SHA-1: c3fb4179b1859b465003376138994ecb625ad94e
SHA-256: 90325d4ce14373ec504bc3e68cdd67202313e2179b6aa5f08b6e590346513e6c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also strongly indicated maliciousness. No scripts were extracted, but the sheer volume of links points to malicious intent, likely to drive traffic or distribute further payloads via these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.