Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4fd47b5c4dbe87b…

  • Verdict: MALICIOUS
  • File type: PDF
  • Size: 33.4 KB
  • Created: 2019-05-17 18:27:40 +03:00
  • Authoring application: PDFCreator Version 1.5.1 (via GPL Ghostscript 9.05)
  • MD5: 95c09b4a5f9be24f6bd51e0051ace3e3
  • SHA-1: 7b97b8947c4b9152ebf8098822f404c722dd3e8b
  • SHA-256: b4fd47b5c4dbe87bc27f4fe921abca296e0cdf9dbc7adc92a1cc679797072439
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF documents, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be to direct users to a website hosting numerous PDF files, potentially for SEO manipulation or as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.