Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5b28af21e226956…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-12-09 20:30:19 +03:00
Authoring application: - (via Python PDF Library - http://pybrary.net/pyPdf/)
MD5: 9c90334fd6641a63dcd380613c83adb6
SHA-1: d8b50c70293770690c338d9bbdaaf9bf12cccd68
SHA-256: a5b28af21e2269569d0dc7c0596c05fd52c7672ceb579fce1203a5ab78eea5fd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, indicating a potential SEO spam or content distribution tactic. While no scripts were extracted, the sheer volume of links suggests a malicious intent to redirect users to potentially harmful content hosted on the linked domains. The attack pattern is likely a form of SEO poisoning or a lure to download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.