Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2499f4ecb3789fb…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-26 20:12:11 +03:00
Authoring application: - (via Acrobat Distiller 7.0 (Windows))
MD5: 9d507816f5976fdde9b231a3ccdc41da
SHA-1: 13578bb0a5df1b06e3d147f73397d54e278464bc
SHA-256: a2499f4ecb3789fbf8bfaa9cedf419d0f33cc81616b64b7a5fb0596af10954c7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic or distribute additional malicious content through these external links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.