Malicious PDF — malware analysis report

Static analysis result for SHA-256 f23acd79bd253216…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2019-10-29 07:28:32 +03:00
Authoring application: Adobe Illustrator CS2 (via Adobe PDF library 7.77)
MD5: e144da3db80ec5422c7a9aabee1c7759
SHA-1: 8d3effc0bd2a3178c1172ed206fbd3f25b872b53
SHA-256: f23acd79bd2532161d47272e652691ad0f11e326c94a4b0e3954b128214dc145
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The primary attack pattern appears to be directing users to a link farm, likely for SEO manipulation or to serve further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.