Malicious PDF — malware analysis report

Static analysis result for SHA-256 caa5424e98cdd886…

MALICIOUS

PDF

  • Size: 31.7 KB
  • Created: 2019-12-12 19:47:08 +03:00
  • Authoring application: PageMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
  • MD5: ef7bb6413b82febe78e53e708dc6cf96
  • SHA-1: 7cf62baddafbd5ff12690d766c9e655d99a421bc
  • SHA-256: caa5424e98cdd886f99bec030fe44af1fb76ae396b97b2013831d97cc428e733
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be the creation of a link farm, likely to manipulate search engine results or to distribute further malicious content through the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8442

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.