Malicious PDF — malware analysis report

Static analysis result for SHA-256 939fb682ab1fee9b…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-23 21:08:48 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 210dbbd39d4c31f7e3057caa2f067a66
SHA-1: 89946bbd067ba7e6c4964f2cce24748ac12f7e5b
SHA-256: 939fb682ab1fee9bc3e3a6ccfc65593f0103ab5a3dbd27832a2df0e1a96ce188
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged as malicious by a machine learning classifier and contains a large number of embedded URLs. The heuristic 'PDF_SEO_LINK_FARM' indicates that these URLs are likely part of a link farm, a common tactic for SEO manipulation or for distributing malicious payloads. No scripts were extracted and the document body was not fully parsable, but the sheer volume of external links points to malicious intent, possibly to direct users to compromised websites or to download further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.