Malicious PDF — malware analysis report

Static analysis result for SHA-256 d4a792e6b04e47aa…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-30 20:19:33 +03:00
Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: 1e1224e1ed38cfb5c3c281b1ae338359
SHA-1: 6441ce9cba7d0835706a7fca48a731686941c59a
SHA-256: d4a792e6b04e47aa41b498b1cf65f4052d42e119e5520c38e69cef87b79ecb2b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of external links to other PDF files, a technique commonly used for SEO manipulation or to host malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm to distribute or obscure malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.