Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ffe381d62f8952a…

MALICIOUS

PDF

Size: 39.9 KB
Created: 2019-03-17 05:56:06 +03:00
Authoring application: Adobe InDesign CS2 (4.0) (via Adobe PDF Library 7.0)
MD5: 1366fd5a50ccf39dfc84d91489069944
SHA-1: beac85e10c66050ba2f8d7b5c23a2c8625ad3f56
SHA-256: 9ffe381d62f8952af8c89cc2972f4c0c3558e887d8e5c9cb4088f2ed821161bd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links to other PDF files hosted on the same domain. This behavior is indicative of a link farm, likely intended for SEO manipulation or to serve as a distribution point for further malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.