Malicious PDF — malware analysis report

Static analysis result for SHA-256 ffb42e85af17575d…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2019-04-03 18:18:59 +03:00
Authoring application: (Infix Pro) (via PDFKit.NET 3.0.58.0)
MD5: bd5122acf27af8013c1f52abcf3541d9
SHA-1: 5a4609173bb0be830e32badebe27f4246ad00107
SHA-256: ffb42e85af17575d93c377f39e65ffb6f2bc27952d4a27e0ce361eb6f4c4b0c8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a significant number of embedded links to other PDF files on the same domain, indicating a link farm. This technique is often used for SEO manipulation or to distribute a large volume of content, potentially including malicious payloads. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.