Malicious PDF — malware analysis report

Static analysis result for SHA-256 afafe31440e8db08…

Verdict: MALICIOUS
File type: PDF
Size: 45.0 KB
Created: 2019-03-17 06:14:36 +03:00
Authoring application: pdfTeX-1.40.14 (via Revision 5)
MD5: c51d938c0b656f193f97e38622a90b49
SHA-1: 4f205d260aaaac69b071d26d2242aab11a407a6f
SHA-256: afafe31440e8db085e61e58b8fe101cf2db06d3476b731e443e39172fee4fa8d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.