Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0d566e241537f32…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-15 20:10:17 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.4.5 (Windows))
MD5: fbe5062aa293d17b47cd054537f14d41
SHA-1: 6c91cdff60da62643c0ce68e3c0c684a7df11974
SHA-256: f0d566e241537f32590e2cdfc9f0500f3f131efcead5351ca57376b22369b116
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The primary heuristic, PDF_SEO_LINK_FARM, fired on 32 external links. No scripts were extracted, but the sheer volume of links suggests malicious intent to redirect users or manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.