Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5fc576360008337…

MALICIOUS

PDF

41.9 KB
Created: 2018-11-30 20:33:51 +03:00
Authoring application: - (via Acrobat Web Capture 5.0)
MD5: 342c829272be70cbfa2cdbc051b56e56
SHA-1: 2cc52a87305d3e77de9b8bcfc625d76fd9901139
SHA-256: d5fc5763600083370c0626ed7d01962a51b72da6174926755385c7cdff94b860
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external websites, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended for SEO manipulation or to redirect users to malicious content hosted on the linked domains. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.