Malicious PDF — malware analysis report

Static analysis result for SHA-256 e96b2155212b9f77…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2019-07-22 04:51:17 +03:00
Authoring application: Adobe Acrobat Pro 10.0.0 (via ESP Ghostscript 7.07)
MD5: b661dee8c631cfbdac33849465644c73
SHA-1: b104c68ee0c5b54ba83e44cf95f931eb3bfc1a41
SHA-256: e96b2155212b9f77c3728ab32f40479b7d9a03b074c60750df9ac52292a8a834
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a significant number of embedded URLs pointing to external PDF files hosted on the same domain. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.