Malicious PDF — malware analysis report

Static analysis result for SHA-256 a906354f502e20bf…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2019-01-06 08:09:34 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Acrobat Distiller 9.5.3 (Macintosh))
MD5: 37b1dc1d6400277f84b89aac7ca30610
SHA-1: dd77d045563ea80c74c7e36ad653640b3155300c
SHA-256: a906354f502e20bfa3e7b30d50d58c0b3d624b569f5c64c59b77bbb450c7b6b0
98 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or redirection tactic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. Although no scripts were extracted, the sheer volume of links points to malicious intent to redirect users to potentially harmful content, likely for SEO manipulation or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 3

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.