Malicious PDF — malware analysis report

Static analysis result for SHA-256 f93b73923934a163…

MALICIOUS

PDF

Size: 39.7 KB
Created: 2019-01-06 08:09:16 +03:00
Authoring application: Acrobat PDFMaker 10.1 for Word (via Adobe PDF Library 10.0)
MD5: 8b1189251efb873f870141d471204983
SHA-1: 83a54e3d2c00d290f0a121087293b96033704346
SHA-256: f93b73923934a163ec656322bdb55f39ef2c1743f74a26f86dd4607d08a284a9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm, likely intended to manipulate search engine results or distribute further malicious content through the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.