Malicious PDF — malware analysis report

Static analysis result for SHA-256 a43aa03f7d1a3d45…

MALICIOUS

PDF

  • Size: 34.4 KB
  • Created: 2020-02-20 04:50:51 +03:00
  • Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
  • MD5: 45af5621c22414d666b6765d2ee2ffea
  • SHA-1: 897bbd77bb98a82a41a94d6adfb5153e1e93aa31
  • SHA-256: a43aa03f7d1a3d4521cad4fde5e9c63cf4f1c353e356146de93cc3c3a5717de7
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs pointing to other PDF files on the same domain. This suggests a link farm or a method to distribute further malicious content. The primary attack pattern is to redirect users to a large collection of external PDF documents, likely for SEO manipulation or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.