Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2577ffe4abc7e9a…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-15 20:19:50 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 4d6a5706e087d865101590635c26a5c8
SHA-1: 5cdfb3b71749e2da3f039ecfe759b2df73a7a26a
SHA-256: d2577ffe4abc7e9a40b2ab2c2a744782ee7383b22567c07c765bbf0c9d603551
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a significant number of embedded external links, indicating a potential SEO manipulation or content distribution scheme. The primary attack pattern observed is the creation of a link farm, likely to boost search engine rankings for the linked content or to serve as a distribution point for further malicious activity. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.