Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4734bd78f482e8c…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-12-14 00:20:33 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)
MD5: 42aa8d0fbd14631ea1236a256bbbc27e
SHA-1: b5c3520b602403c3d56b16f4bd15e934a02b8ae4
SHA-256: a4734bd78f482e8cf31e2de3e0f825a16b3d080614cd75418be50ece39e091d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a potential link farm or distribution mechanism. The primary heuristic, 'PDF_SEO_LINK_FARM', suggests the document's purpose is to manipulate search engine results or distribute other content via these links. While no scripts were extracted, the sheer volume of links points to malicious intent, likely to redirect users to malicious sites or to download further payloads.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8529)

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.