Malicious PDF — malware analysis report

Static analysis result for SHA-256 95d816e9219ce53f…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2019-04-07 18:02:35 +03:00
Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 2e020410af823e0304e2e13b16133669
SHA-1: 8cb13d811e121f455f2a78eae3a4cd8b841398fa
SHA-256: 95d816e9219ce53ff546488d9c79d39a463069ff7a0d5be8f6139702404c1389
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO abuse. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of embedded URLs pointing to other PDF documents indicates a likely attempt to distribute content or manipulate search engine rankings, potentially as a lure for further malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.