Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad975769b766b69e…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-03-17 09:53:57 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
MD5: 6583e1b1a887871736f69633e14d6856
SHA-1: f665d01ffaeb1a690fd0eedf659c5a53035db7d5
SHA-256: ad975769b766b69e559101774f5db0b67b9ebd9f88c5a7037e5af1962cbc76ed
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs likely serve as a link farm to distribute traffic or potentially lead users to malicious content, although the specific intent beyond link distribution is not clear from the available data.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.