Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2108dd0415deb86…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2019-02-14 08:13:42 +03:00
Authoring application: Windows PSCRIPT (via Acrobat Distiller 3.01 for Windows)
MD5: 6107d312b237008efd3710c26fbf9d43
SHA-1: 95265bfaaefe3b62189a4de1df8ff7305b703de2
SHA-256: d2108dd0415deb8627a6d6f78e233db128f8b7975cc4ce446d3febdd6fb94a50
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous external resources, potentially for SEO manipulation or to host further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.