Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf8d4079ca8bc392…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2019-03-17 11:09:43 +03:00
Authoring application: Acrobat Distiller 5.0 (Windows) (via Adobe PDF Library 9.9)
MD5: 0b19cc32e4dfc19ba74b7262a414d36d
SHA-1: 93447abf43a35233105d7276bf96d8a6a3bcd7b9
SHA-256: cf8d4079ca8bc39274c13355a937a128cd86e39302643d8c13558ca830a11406
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. The document body was unreadable and provided no additional context.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.