Malicious PDF — malware analysis report

Static analysis result for SHA-256 d61b9753d8c2d49e…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-11-30 20:34:08 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: 448f0ef06e86269aab34fb853424d7a5
SHA-1: 65621841c945eea0fb0e4197d7c22984843a8df0
SHA-256: d61b9753d8c2d49e46460bbdb86b32e3a4fb9b0ca8c5beaf7ca3e33cfc59bcbf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and by a critical heuristic for containing a large number of external links. The heuristic identified a 'link farm' pattern, suggesting that the document's primary purpose is to host these links. Although no scripts were extracted, the volume and nature of the embedded URLs indicate malicious intent, likely to manipulate search engine rankings or to redirect users to potentially harmful websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.