Malicious PDF — malware analysis report

Static analysis result for SHA-256 cd2e0cb9835b154a…

MALICIOUS

PDF

Size: 33.0 KB
Created: 2020-02-19 23:53:36 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Mac OS X 10.6.8 Quartz PDFContext)
MD5: 8e9f60f70f79a94c4e63cc20aa4fea7d
SHA-1: 5a60a59d15c681f0500b5e66122eb8810e45e881
SHA-256: cd2e0cb9835b154a63056df02350809733da53c08b07a1462a078cc402771bc4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links to other PDF documents. This behavior is consistent with SEO poisoning or a link farm designed to distribute malicious content or manipulate search engine results. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.