Malicious PDF — malware analysis report

Static analysis result for SHA-256 a52799b7d155478c…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2019-04-11 16:13:50 +03:00
Authoring application: - (via ProcessText Group)
MD5: 5ecd0d1635f5922a117dba0f057cebcf
SHA-1: caa12838882636e9b315381efaef79ff114193ec
SHA-256: a52799b7d155478c75c52131f013e308b346d143c91a963ec5da070a82fefd40
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to direct users to a high volume of content on a single domain, potentially for SEO manipulation or to serve as a distribution point for further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.