Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee6202b9b0192d28…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2019-03-16 12:35:51 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: d748781d4c5314ba10d14b2ee44f3a8e
SHA-1: 55033cf369ac6a3151feade5c8d284cad50b76db
SHA-256: ee6202b9b0192d282c7bb11caf1d326505bedaafc32334a127e8e9f0a3b14a7b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicative of a link farm or SEO abuse. No scripts were extracted, but the sheer volume of links suggests malicious intent to redirect users to potentially harmful content or to manipulate search engine rankings. The embedded URLs are the primary indicators of compromise.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8452

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.