Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1fc4779a38fa9f8…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-03-17 13:18:56 +03:00
Authoring application: Adobe InDesign CS3 (5.0.2) (via Adobe PDF Library 8.0)
MD5: 5a47f2230cebb4ab6cec2f1fffb58967
SHA-1: 8ef3cdfdc959ae8cb4eae48b1d81b7216e5fbeb4
SHA-256: a1fc4779a38fa9f8737daba58e1e9ec2a823dac1c194b00ab5d62b044c2c93d9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a link farm, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.