Malicious PDF — malware analysis report

Static analysis result for SHA-256 a34f0d9519c1441a…

MALICIOUS

PDF

41.7 KB
Created: 2019-03-17 10:59:02 +03:00
Authoring application: - (via Acrobat Distiller 15.0 (Windows))
MD5: 3526d25691a22041f9f8616de7c2e00d
SHA-1: af04c1b92b75ba1b81bf0682efbb8dc32a80ed40
SHA-256: a34f0d9519c1441a112452a080fab2ce1871e79a854377585c04bf27d615e451
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and does not provide clear user-facing text, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or redirection of users to malicious content hosted on the linked domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.