Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1a4b3fafea74998…

MALICIOUS

PDF

Size: 34.4 KB
Created: 2019-10-29 07:28:56 +03:00
Authoring application: AH XSL Formatter V6.2 MR5 for Windows (x64) : 6.2.7.18952 (via Antenna House PDF Output Library 6.2.625 (Windows (x64)))
MD5: 1e694a50e1cf132d4a37b4510129b583
SHA-1: fdf54c19c485c659faf3578dd59721047f75dd3f
SHA-256: e1a4b3fafea749985eb177ca445e8d322f818cf922ec4d2c8f2e36050c28d42d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded external links, characteristic of a link farm or SEO manipulation tactic. The primary heuristic indicates a mass external PDF link farm, with 32 links found, suggesting a coordinated effort to distribute or promote content via these links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8315

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.