Malicious PDF — malware analysis report

Static analysis result for SHA-256 c3388b5328f9c2b1…

Verdict: MALICIOUS

File type: PDF
Size: 41.6 KB
Created: 2018-11-23 08:00:22 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 4cc1cd6aff14e4788f0d36ef5515d0f5
SHA-1: 6a2741dc466a6fd39b1add8bb651f90067952386
SHA-256: c3388b5328f9c2b1a2d4c223b6989eabc938ed5590495c1fbfceded87da26d1c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO manipulation or to serve as a gateway to malicious content. The heuristic PDF_SEO_LINK_FARM specifically indicates the presence of a link farm, suggesting a deceptive or malicious intent behind the document's creation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.