Malicious PDF — malware analysis report

Static analysis result for SHA-256 e46aed2ecef3650a…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-11-26 20:03:30 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 760bdc3f0c01b587d26abcbe53d49392
SHA-1: 7bcb12b85ed2ae51ea497117ca5fe309e70d82a7
SHA-256: e46aed2ecef3650a5cc2b0512e2357d45d484be65521bd23b33c6ba4a595abb8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO spam or link farm tactic. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external links, the first of which is http://www.gorillawalker.com/shattered-a-daughter-s-regret-secrets.pdf. The document body appears to be heavily obfuscated or corrupted, preventing a detailed analysis of its specific content or intent beyond the link farm.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/shattered-a-daughter-s-regret-secrets.pdf