Malicious PDF — malware analysis report

Static analysis result for SHA-256 df8af15a10b4dbdd…

Verdict: MALICIOUS

File type: PDF

  • Size: 44.2 KB
  • Created: 2018-11-15 18:31:44 +03:00
  • Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
  • MD5: cba40296d2c0696857494a61eff5156e
  • SHA-1: 2b392bb8b4542832138ddd0c8c50837b73752fe5
  • SHA-256: df8af15a10b4dbddf2171ebff67b4448e681c17b06bb5ed594109ca50b09df44
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests an attempt to manipulate search engine rankings or distribute content from a large number of URLs, potentially for malicious purposes.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.