Malicious PDF — malware analysis report

Static analysis result for SHA-256 c1bd0eadda17b309…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2019-04-08 21:08:25 +03:00
Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.02)
MD5: 00351b3c0087dacb434661141b737f5b
SHA-1: c555af99b14883f66b4991a9e671ec7c83ed8ad1
SHA-256: c1bd0eadda17b309c81363f84f55579fdfc2ef875e1dad343572e14ea0eb906e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be directing users to a link farm, likely for SEO manipulation or to serve further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; heuristic: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; heuristic: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.