Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9cb71c6996b791b…

MALICIOUS

PDF

Size: 33.5 KB
Created: 2019-09-15 18:29:46 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: 38921fda0e26bb6d6da6fd24fc25abf8
SHA-1: 13c328a82a6d26e938834e31e6217ce8e3df4774
SHA-256: f9cb71c6996b791b0c21180384367c9fa0600b59c4a4df3b2c4740c3504c6c64
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to PDFs on the same domain. The ML classifier also indicated a high probability of maliciousness. The document body appears to be obfuscated or corrupted, preventing analysis of its direct content. The primary attack pattern involves directing users to a large number of external URLs, likely for SEO manipulation or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.