Malicious PDF — malware analysis report

Static analysis result for SHA-256 fda58029710a0418…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2018-11-14 08:37:30 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 0d6cdd63ba8943e9b8462c3174428210
SHA-1: 5e58f528f54087b519c723d21c1c2ea39ae1aedb
SHA-256: fda58029710a0418c9d1ea61bd65979500086595ae80f5efee3069344770dcc6
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, all hosted on the same domain. This behavior is indicative of a link farm or a redirection mechanism, likely intended to lead users to malicious content or to manipulate search engine rankings. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.