Malicious PDF — malware analysis report

Static analysis result for SHA-256 f639354b7ac53087…

MALICIOUS

PDF

41.6 KB
Created: 2019-03-18 08:33:57 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: 2048d8d646552fd88b32a90812e177c2
SHA-1: ed525a206e1596c34926db90c2de0943831b1b3b
SHA-256: f639354b7ac530870007dee26c0a0e039cee7d7643be31c3869e7e27b4308eb7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content, rather than a direct exploit within the PDF itself. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.