Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0f697d6b6b9a83e…

Verdict: MALICIOUS

File type: PDF
Size: 42.6 KB
Created: 2019-03-17 06:31:51 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
MD5: 65ff05185aeac6747a71c08ad2301d00
SHA-1: 89737e4461dc0f3192604969b945f785b6f6b1e9
SHA-256: d0f697d6b6b9a83e0e3fa6dfa588823f88e960b7737ae0accfffe3459f42a5bd
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO abuse. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to other PDFs hosted on the same domain points to a content-driven lure or a method to distribute further malicious content. The primary attack pattern involves leveraging a large number of embedded URLs.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8242

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.