Malicious PDF — malware analysis report

Static analysis result for SHA-256 e1cd27343ef4c6e7…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2019-03-17 01:31:59 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: afcd75505bcb8d05e9174fa00f2ec816
SHA-1: 7e8c9931169259cb561fc64a4b6a176bfe9be6fd
SHA-256: e1cd27343ef4c6e72033b1b6cdf3821c4f3e5ed1dfe4f91294ff8b1df2b36291
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of external PDF links, suggesting a link farm or SEO manipulation tactic. The embedded URLs point to various PDF documents hosted on the same domain, likely serving as a lure or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.