Malicious PDF — malware analysis report

Static analysis result for SHA-256 f470c3432067252e…

MALICIOUS

PDF

Size: 45.8 KB
Created: 2018-11-14 11:32:44 +03:00
Authoring application: DVIPSONE 2.2.4 http://www.YandY.com (via Acrobat Distiller 7.0.5 (Windows))
MD5: 88585f66410883254d1e719044a20648
SHA-1: df4fc020145dd1ab14a343ccc6b829740f7d7c9e
SHA-256: f470c3432067252e5c0e8a6a9e263bf76eb6c08c94090f367af136585772a764
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a significant number of embedded external links. The heuristic PDF_SEO_LINK_FARM indicates a mass external PDF link farm, suggesting the document's primary purpose is to redirect users to numerous other PDF files hosted on the same domain. This is a common technique for SEO manipulation or distributing malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.