Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe33174d762a2eaa…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2018-12-15 08:35:28 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: a004c6a24e0e2c2fcf0c5418c46296f1
SHA-1: dec772fb04d13a10cbb2b35897fad2b8f420a2ff
SHA-256: fe33174d762a2eaa138e7245cdd0ed403661d1cbf3c6e0ff77e57b0559324600
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, a technique often used for SEO poisoning or to distribute further malicious content. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external links, suggesting a deceptive or manipulative purpose.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.