Malicious PDF — malware analysis report

Static analysis result for SHA-256 935d88ff1f489bea…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-11-14 11:30:11 +03:00
Authoring application: ScanSnap Manager (via Acrobat Distiller 10.1.7 (Windows))
MD5: f3436d38a4a2714e956b662e95639ca2
SHA-1: dac09b3054f41ef5f0069c8f182a6d449e21b166
SHA-256: 935d88ff1f489bea6b7d4ad1c8f11d1009b52b4027b1f1844e05d4c890ce1b25
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute additional malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8223

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.