Malicious PDF — malware analysis report

Static analysis result for SHA-256 a34837a1846efc06…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2019-04-08 04:53:23 +03:00
Authoring application: - (via Acrobat Distiller 4.0 for Windows)
MD5: e7fabd878a00a1f4425c357cf6af4252
SHA-1: 7e9c925d2621da47905832602f03796bedac45f5
SHA-256: a34837a1846efc0606dca7d5b1855b81e61962d10636a824636d6e6036b64a79
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a specific domain, potentially for SEO manipulation or to host malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8600)

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.