Malicious PDF — malware analysis report

Static analysis result for SHA-256 ba24458e0fee310e…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-07 18:29:37 +03:00
Authoring application: - (via Acrobat Distiller Daemon 3.0 for Solaris 2.3 and later (SPARC))
MD5: d6dc9697085f5929a3c604c93fcd9f04
SHA-1: 4106b0a9556b31690b04785ecce7eda248d0f3f6
SHA-256: ba24458e0fee310ef801dcf20aa83973c49603aa0e2607bab155106fce3eb3b2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary purpose appears to be directing users to a website hosting numerous PDF documents, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.