Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3650c2486393c25…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2018-11-30 20:02:36 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: 960e680701dcb851f80768343d409018
SHA-1: 74b41732e2025b80a6846ec866a693cd90eac924
SHA-256: a3650c2486393c25c3f3f7144fb12cdd50fbf48f4be1339d24acf01a30baad90
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to a high volume of content on a single domain, potentially for distributing malware or phishing. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.