Malicious PDF — malware analysis report

Static analysis result for SHA-256 f58a1f869411b7ed…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-12-07 18:28:17 +03:00
Authoring application: FrameMaker 8.0 (via Acrobat Distiller 10.0.1 (Windows))
MD5: bebd4bb0bee6fc01a2712a37670ca4ec
SHA-1: 2e5986efae8609b7cba1e87e1841d40703cccbba
SHA-256: f58a1f869411b7edd40260d005258fd7baebe3ee527ea67ba0c5212dd78dc032
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO abuse. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of embedded URLs points toward malicious intent, likely to distribute further content or engage in SEO manipulation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.