Malicious PDF — malware analysis report

Static analysis result for SHA-256 eccfb35c9ead9ce1…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2019-03-18 07:08:35 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: e1a151c8dfb100bdef254ff98891edf5
SHA-1: 4edea23ac992a2dd05ab188bf4200f81708e4ed8
SHA-256: eccfb35c9ead9ce1c37fb6061a3ff127cdd813e34fdde1a12743c31cc9a28d1e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.