Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec3fda48b7fd9294…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-11-14 20:02:52 +03:00
Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: d57e4b5e523d7e60fc02e5f38883b1da
SHA-1: e9a92487168bdbbcbc650380701f697c65cdfcf8
SHA-256: ec3fda48b7fd92948454e992191a92489baad8aae847da1143e7d065b4acd7ec
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO manipulation or to distribute malicious content. The primary attack pattern involves leveraging these links to redirect users to potentially harmful websites or documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9018

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.