Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5e2063525bd5b38…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-12-11 20:44:40 +03:00
Authoring application: (Infix Pro) (via PDFKit.NET 3.0.58.0)
MD5: 149aa3c0083de6f179d2f327ed09e94e
SHA-1: 339877038f85610a50088110c13dea339c09021e
SHA-256: d5e2063525bd5b38ad9ee3164cc8c0462167d32cf81ed0d8dede5f897127a02a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or redirection scheme. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies the presence of numerous external PDF links, with the first observed URL being http://www.gorillawalker.com/aromatherapy-aromatic-plants-chinese-edition.pdf. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine results or lead users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/aromatherapy-aromatic-plants-chinese-edition.pdf
    • http://www.gorillawalker.com/south-asia-s-cold-war-nuclear-weapons-and-conflict-in.pdf
    • http://www.gorillawalker.com/hugh-of-saint-victor-on-the-sacraments-of-the-christian.pdf
    • http://www.gorillawalker.com/blood-moon-rising.pdf
    • http://www.gorillawalker.com/low-carb-diet-recipes-47-delicious-quick-and-easy-to.pdf
    • http://www.gorillawalker.com/total-heart-health-for-women-a-life-enriching-plan-for.pdf
    • http://www.gorillawalker.com/pink-flush-an-erotic-tale-of-lesbian-submission.pdf
    • http://www.gorillawalker.com/the-american-revolution-crossword-puzzles.pdf
    • http://www.gorillawalker.com/by-larry-a-glasgow-transport-phenomena-an-introduction-to-advanced.pdf
    • http://www.gorillawalker.com/royal-family-royal-lovers-king-james-of-england-and-scotland.pdf
    • http://www.gorillawalker.com/robocop-volume-1-sc.pdf
    • http://www.gorillawalker.com/a-church-for-rachel.pdf
    • http://www.gorillawalker.com/rebuilding-identity-the-nehemiah-memoir-and-its-earliest-readers-beihefte.pdf
    • http://www.gorillawalker.com/journey-on-the-estrada-real-encounters-in-the-mountains-of.pdf
    • http://www.gorillawalker.com/serious-educational-game-assessment-practical-methods-and-models-for-educational.pdf
    • http://www.gorillawalker.com/mistletoe-over-manhattan-harlequin-comics-kindle-edition.pdf
    • http://www.gorillawalker.com/sertian-princess-kindle-edition.pdf
    • http://www.gorillawalker.com/the-spider-elemental-assassin.pdf
    • http://www.gorillawalker.com/the-fmea-pocket-handbook.pdf
    • http://www.gorillawalker.com/farm-magnet-book-farmyard-tales.pdf
    • http://www.gorillawalker.com/the-privateer-a-pirate-for-the-queen.pdf
    • http://www.gorillawalker.com/fiber-bragg-gratings-optics-and-photonics.pdf
    • http://www.gorillawalker.com/turning-point.pdf
    • http://www.gorillawalker.com/the-baby-dilemma-how-to-confidently-decide-whether-or-not.pdf
    • http://www.gorillawalker.com/the-devil-s-picnic-travels-through-the-underworld-of-food.pdf
    • http://www.gorillawalker.com/filling-the-void-governance-in-somalia-pakistan-and-yemen-world.pdf
    • http://www.gorillawalker.com/women-and-gender-in-early-jewish-and-palestinian-nationalism.pdf
    • http://www.gorillawalker.com/state-of-fear-low-price-cd.pdf
    • http://www.gorillawalker.com/contemplate-my-wounds-100-pack.pdf
    • http://www.gorillawalker.com/picturing-addition-from-models-to-symbols.pdf
    • http://www.gorillawalker.com/10-ways-to-reboot-your-mind-for-success.pdf
    • http://www.gorillawalker.com/teach-yourself-developing-your-child-s-creativity.pdf
    • http://www.gorillawalker.com/goose-green-a-battle-is-fought-to-be-won.pdf
    • http://www.gorillawalker.com/sadako-and-the-thousand-paper-cranes-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/mathematical-modelling-of-environmental-and-ecological-systems-developments-in-environmental.pdf
    • http://www.gorillawalker.com/using-festivals-to-inspire-and-engage-young-children-a-month.pdf
    • http://www.gorillawalker.com/a-dangerous-kiss-grayson-friends.pdf
    • http://www.gorillawalker.com/for-duty-and-deity-ad-d-forgotten-realms.pdf
    • http://www.gorillawalker.com/kilala-princess-volume-2.pdf
    • http://www.gorillawalker.com/british-vocational-qualifications-a-directory-of-vocational-qualifications-available-from.pdf
    • http://www.gorill
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/