Malicious PDF — malware analysis report

Static analysis result for SHA-256 ecf3817104f2ac56…

MALICIOUS

PDF

Size: 46.2 KB
Created: 2019-04-07 18:03:27 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: 09273e28a7e0ee9fe20bf18a41ca807c
SHA-1: 93126744d1831321274937d663b41b0d80dadf10
SHA-256: ecf3817104f2ac56752152f0b6f4a8ee03a29a03ab0fbcb9f245dfef03064289
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF heuristic 'PDF_SEO_LINK_FARM' indicates the presence of numerous external links, suggesting a link farm or redirection tactic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links points to a likely SEO manipulation or phishing attempt to drive traffic to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.