Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce45e456264ba540…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2018-11-14 08:17:38 +03:00
Authoring application: Adobe Photoshop 5.0 (via Adobe Photoshop for Windows)
MD5: 9b07e093f4d4a9faabde260d9b3576c2
SHA-1: c898638b78dcfae7e4fe5cb3293e62f3cf480519
SHA-256: ce45e456264ba54028907ef237674ebe630f5817f3d760a537a7ee59ef88cd48
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute further malicious content, rather than a direct user-facing lure within the document body itself.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.