Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2b9ac76a401b85a…

MALICIOUS

PDF

Size: 46.7 KB
Created: 2018-12-15 08:09:53 +03:00
Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: f66dc0a228f209acfa1014309144ecb8
SHA-1: 039a01363457bf4d148966736023c5dcdd191f57
SHA-256: e2b9ac76a401b85ad13cb08fd9ecc445828335d6a5fbc4187f10a4d0b0eccf30
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a link farm. The primary heuristic hit, 'PDF_SEO_LINK_FARM', suggests the document's purpose is to distribute links to other PDFs, likely for SEO manipulation or to host malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.