Malicious PDF — malware analysis report

Static analysis result for SHA-256 ada445f0b1e7b749…

MALICIOUS

PDF

File size: 43.2 KB
Created: 2018-12-28 08:08:56 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: b579c8ab5e92ec5e646344550c4c6484
SHA-1: 15d75a4c066babe2ec96c996d025bdef8fdb5be5
SHA-256: ada445f0b1e7b749cbef8f68772ba87c95db116a1e0ec6ff505b76716c9e67f5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or SEO manipulation tactic. The document body is heavily obfuscated and does not provide clear textual content, but the presence of numerous links to other PDF documents on the same domain suggests a coordinated effort to distribute content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.