Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6c0c0d056f270ca…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2019-03-17 07:14:20 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: 3288daf17dc460d40f088f00a839b3bf
SHA-1: cb82ec90e12c3bf7536ce7bc6314d06c8963e50b
SHA-256: e6c0c0d056f270ca8910a1fc2abffa4dfed56c703430d046466d6ccf0621b1c0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content, rather than a direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.