Malicious PDF — malware analysis report

Static analysis result for SHA-256 c974d42b45934a51…

MALICIOUS

PDF

Size: 34.1 KB
Created: 2019-11-23 19:49:32 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
MD5: 2d99978ef082ef0d8bf3291ab887d420
SHA-1: e56b5444914907ea4637507c96df53ef2b413fcf
SHA-256: c974d42b45934a51fcf3b86077d4c36ca3dfa0d24fa20ee850d8a29fe69af914
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of numerous external links, suggesting a link-farming or traffic-driving scheme. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links points to a non-standard document purpose, likely related to SEO manipulation or directing users to potentially malicious content hosted on the linked domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.