Malicious PDF — malware analysis report

Static analysis result for SHA-256 d054413e4381b78f…

MALICIOUS

PDF

Size: 47.7 KB
Created: 2018-12-11 20:45:11 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: f145273104ba40af12c016b4c9a5987a
SHA-1: efa8f9462cdf4cabbf44b02e67478d1d676aeffc
SHA-256: d054413e4381b78f053ad87c17b9fd89abe33f647085b4ad7aa6a2a008918181
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO abuse. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to PDFs on a single domain points towards an attempt to manipulate search engine rankings or distribute content, potentially including malicious payloads disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8868

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.