Malicious PDF — malware analysis report

Static analysis result for SHA-256 dda627c1daa89ac3…

MALICIOUS

PDF

42.1 KB
Created: 2019-02-15 09:00:40 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 5f610f8e49734414c2aa7a6fc05fd55d
SHA-1: 19d1c1bea5b2293abb3560a6243bcd6fe38c9eae
SHA-256: dda627c1daa89ac3c76ce962770a51a302397fa3db9f22a66587425abb1966bc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded URLs pointing to PDF files on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. While no scripts were extracted, the sheer volume of links suggests a coordinated effort to direct users to potentially harmful resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.