Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ecb35a05ca52466…

Verdict: MALICIOUS
File type: PDF
Size: 44.2 KB
Created: 2018-12-15 20:02:08 +03:00
Authoring application: Adobe InDesign CS5 (7.0.3) (via Adobe PDF Library 9.9)
MD5: 047d913e1fba39d8e542a6492c331f9a
SHA-1: 4b08bab0ef27a35549f4e87485198d9bf9caf04b
SHA-256: 9ecb35a05ca52466a893123ac72da7d4e678ab3eb9137b2f1c4d03eadbec4be8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or hosting a link farm to distribute potentially malicious content, rather than a direct user-facing lure within the document body itself.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8439)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.