Malicious PDF — malware analysis report

Static analysis result for SHA-256 d8e188f25ed110da…

Verdict: MALICIOUS
File type: PDF
Size: 40.5 KB
Created: 2019-02-13 06:00:40 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0 (Windows))
MD5: 730ae6ab1b185a11e2ba687f7050f2f1
SHA-1: c8ea456c6f5b023a096e90fe2044c9a31914402e
SHA-256: d8e188f25ed110da44c412a9b8c75d73ba564a040e8635552c682f2c4fcf94d8
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.