Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2146bb38e145282…

Verdict: MALICIOUS
File type: PDF
Size: 43.2 KB
Created: 2018-12-07 18:27:33 +03:00
Authoring application: - (via ABBYY FineReader 11)
MD5: c24a83707a152a4692ea3a7c18bdab0e
SHA-1: d12d9314981c7f8e57753fd3633c0f9509492fb3
SHA-256: e2146bb38e145282c708cfbbf2234b6f73e535921a79c3dd1f6884a6bc799df5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by the machine learning classifier and contains a large number of external links, a pattern consistent with a link farm or SEO manipulation tactic. The primary heuristic identified a mass external PDF link farm; the first URL is http://www.gorillawalker.com/hard-maintaining-potency-eliminating-erectile-dysfunction-and-enjoying-healthy-sex.pdf. No scripts were extracted, but the sheer volume of links suggests a malicious intent to drive traffic or distribute content through these external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.