Malicious PDF — malware analysis report

Static analysis result for SHA-256 a97135ff19ff32e2…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2019-04-29 19:59:28 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: 281e4b037d26ec3a9f4aebb8900e9720
SHA-1: de78e9eede2050e56e7814af658495349eb6a22d
SHA-256: a97135ff19ff32e283496dcd4157feec978c5c8e88019e2fc3e01348488776bc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. While the document body is heavily obfuscated, the presence of numerous links suggests a malicious intent, possibly for SEO manipulation or to redirect users to malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8026

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/handbook-of-global-optimization-nonconvex-optimization-and-its-applications.pdf
    • http://www.gorillawalker.com/copp-d-hills-towards-heaven-shakespeare-and-the-classical-polity.pdf
    • http://www.gorillawalker.com/hiddenness-uncertainty-surprise-three-generative-energies-of-poetry-newcastle-bloodaxe.pdf
    • http://www.gorillawalker.com/a-history-of-england-before-the-norman-conquest.pdf
    • http://www.gorillawalker.com/jesus-calling-enjoying-peace-in-his-presence.pdf
    • http://www.gorillawalker.com/supplementary-despatches-and-memoranda-of-field-marshal-arthur-duke-of.pdf
    • http://www.gorillawalker.com/broadway-hits-for-alto-sax-instrumental-play-along-book-cd.pdf
    • http://www.gorillawalker.com/origins-of-the-women-s-rights-movement-finding-a-voice.pdf
    • http://www.gorillawalker.com/joseph-butler-five-sermons-hackett-classics.pdf
    • http://www.gorillawalker.com/practice-resurrection-study-guide.pdf
    • http://www.gorillawalker.com/electronic-warfare-receivers-and-receiving-systems-artech-house-electronic-warfare.pdf
    • http://www.gorillawalker.com/alcamo-s-fundamentals-of-microbiology-body-systems-edition-2nd-12.pdf
    • http://www.gorillawalker.com/de-profundis-and-other-prison-writings-penguin-classics.pdf
    • http://www.gorillawalker.com/combined-edition-the-awakened-books-one-through-three-kindle-edition.pdf
    • http://www.gorillawalker.com/tobacco-smuggling-tax-paid.pdf
    • http://www.gorillawalker.com/to-have-and-to-hold-victorian-trilogy.pdf
    • http://www.gorillawalker.com/the-independent-traveller-s-guide-to-tropical-getaways-the-independent.pdf
    • http://www.gorillawalker.com/inside-youth-church-souled-out-youll-find-two-leadership-training.pdf
    • http://www.gorillawalker.com/everyday-carry-5-11-tactical-push-pack.pdf
    • http://www.gorillawalker.com/by-slow-boat-to-egypt.pdf
    • http://www.gorillawalker.com/saving-the-lost-tribe-the-rescue-and-redemption-of-the.pdf
    • http://www.gorillawalker.com/infinity-walk-preparing-your-mind-to-learn.pdf
    • http://www.gorillawalker.com/mini-portraitstudio-f-r-die-jackentasche-german-edition.pdf
    • http://www.gorillawalker.com/algebra-and-trigonometry-graphs-and-models-and-graphing-calculator-manual.pdf
    • http://www.gorillawalker.com/little-black-book-special-gift-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/the-martian-engineer-s-notebook-volume-2-kindle-edition.pdf
    • http://www.gorillawalker.com/basic-half-track-vehicles-m2-m3-technical-manual.pdf
    • http://www.gorillawalker.com/introduction-to-thermal-systems-engineering-thermodynamics-fluid-mechanics-and-heat.pdf
    • http://www.gorillawalker.com/the-vaccine-court-the-dark-truth-of-america-s-vaccine.pdf
    • http://www.gorillawalker.com/starting-with-god-a-guide-for-new-believers.pdf
    • http://www.gorillawalker.com/america-s-first-crisis-the-war-of-1812.pdf
    • http://www.gorillawalker.com/heart-failure-a-companion-to-braunwald-s-heart-disease-3e.pdf
    • http://www.gorillawalker.com/escape-from-hangtown-a-lucas-fume-western.pdf
    • http://www.gorillawalker.com/world-of-cthulhu-4-worlds-of-cthulhu.pdf
    • http://www.gorillawalker.com/crash-a-pepper-pace-novella.pdf
    • http://www.gorillawalker.com/anomalies-and-curiosities-of-medicine-being-an-encyclopedic-collection-of.pdf
    • http://www.gorillawalker.com/photocopiable-key-stage-2-photocopiable-weekly-spellings-lists-based-on.pdf
    • http://www.gorillawalker.com/touchy-feely-123-touchy-feely-board-books.pdf
    • http://www.gorillawalker.com/spurring-him-on-claiming-my-cowboy-collection-standalone-short-story.pdf
    • http://www.gorillawalker.com/thank-you-for-smoking-a-novel.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/