Malicious PDF — malware analysis report

Static analysis result for SHA-256 f42a988bd02168c8…

MALICIOUS

PDF

43.1 KB
Created: 2018-11-26 08:22:41 +03:00
Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: ecb9f44c17b13e043d9d00362c2541e3
SHA-1: b57ba29700a422e1b3217e4fb4a670e1aacf8391
SHA-256: f42a988bd02168c8ef948aa87cdd610732a81ddfcc8629e9fb18690176041845
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a potential SEO spam or link distribution attack. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies this behavior. While no scripts were extracted, the sheer volume of links suggests an attempt to either distribute malicious content or manipulate search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.