Malicious PDF — malware analysis report

Static analysis result for SHA-256 156f51f74ed2f74b…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-14 11:31:34 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: ac7122893b2c14d7b6cc9fe00dbf4328
SHA-1: 201536e6a804b3cd997da51873d6294160d2225e
SHA-256: 156f51f74ed2f74baad689c415431ecfa7e944ec71ac231036fae83e51cd69d1
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a large number of clickable external links, almost all of them pointing at a single host (www.gorillawalker.com), which triggered the PDF_SEO_LINK_FARM heuristic. No JavaScript or other active content was extracted, so the verdict rests on the link-farm pattern together with the ML classifier's malicious score (0.8812) rather than on an embedded payload. The document body is heavily obfuscated, so the direct lure could not be read, but the link farm is characteristic of a generated SEO/link-farm carrier used to route readers into a delivery chain rather than of a normal document. The remaining extracted URLs (w3.org, purl.org, ns.adobe.com and aiim.org) are XMP metadata namespace identifiers, not clickable links, and do not contribute to the link-farm pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/make-the-maker-s-manual-a-practical-guide-to-the.pdf
    • http://www.gorillawalker.com/the-journey-to-the-interface-how-public-service-design-can.pdf
    • http://www.gorillawalker.com/design-for-manufacturing-and-assembly-concepts-architectures-and-implementation.pdf
    • http://www.gorillawalker.com/this-little-book-is-valuable-it-contains-description-location-and.pdf
    • http://www.gorillawalker.com/stem-integration-in-k-12-education-status-prospects-and-an.pdf
    • http://www.gorillawalker.com/beyond-the-data-warehouse-new-markets-for-parallel-marketing-ovum.pdf
    • http://www.gorillawalker.com/corporate-finance-debt-equity-and-derivative-markets-and-their-intermediaries.pdf
    • http://www.gorillawalker.com/computing-with-instinct-rediscovering-artificial-intelligence-lecture-notes-in-computer.pdf
    • http://www.gorillawalker.com/the-food-clock-a-year-of-cooking-seasonally.pdf
    • http://www.gorillawalker.com/having-a-baby.pdf
    • http://www.gorillawalker.com/the-beauty-of-the-beast-luna-werewolves-14-siren-publishing.pdf
    • http://www.gorillawalker.com/mommy-s-little-hucow-bundle-submissive-hucow-marriage-and-childbirth.pdf
    • http://www.gorillawalker.com/fifth-symposium-optics-in-industry-proceedings-of-spie.pdf
    • http://www.gorillawalker.com/books-by-offset-lithography-1947-exhibit.pdf
    • http://www.gorillawalker.com/in-the-company-of-eck-masters.pdf
    • http://www.gorillawalker.com/a-treatise-on-cosmic-fire.pdf
    • http://www.gorillawalker.com/on-conducting-kindle-edition.pdf
    • http://www.gorillawalker.com/cristo-s-chronicles-book-one-the-king-s-challenge-kindle.pdf
    • http://www.gorillawalker.com/giving-back-real-world-math.pdf
    • http://www.gorillawalker.com/c-mo-recuperar-a-tu-ex-para-hombres-para-hombres.pdf
    • http://www.gorillawalker.com/the-three-big-questions-for-a-frantic-family-a-leadership.pdf
    • http://www.gorillawalker.com/business-process-management-and-the-balanced-scorecard-focusing-processes-on.pdf
    • http://www.gorillawalker.com/kubori-kikiam-strips-for-the-soul-2.pdf
    • http://www.gorillawalker.com/praktische-krankenhaushygiene-ein-leitfaden-zur-verh-tung-von-krankenhausinfektionen-fachschwester.pdf
    • http://www.gorillawalker.com/business-combinations-international-accounting.pdf
    • http://www.gorillawalker.com/carless-in-chicago.pdf
    • http://www.gorillawalker.com/henriette-von-waldeck-oder-die-laube-neuzusammenstellung-german-edition.pdf
    • http://www.gorillawalker.com/non-archimedean-analysis-quantum-paradoxes-dynamical-systems-and-biological-models.pdf
    • http://www.gorillawalker.com/paris-noir-african-americans-in-the-city-of-light.pdf
    • http://www.gorillawalker.com/the-great-pianists-from-mozart-to-the-present.pdf
    • http://www.gorillawalker.com/my-sweet-lord-sheet-music-three-part.pdf
    • http://www.gorillawalker.com/bleak-house-the-death-of-rudolph-van-richten-ad-d.pdf
    • http://www.gorillawalker.com/a-sissy-story-feminized-for-her-how-he-became-a.pdf
    • http://www.gorillawalker.com/lamb-problems-detecting-diagnosing-treating.pdf
    • http://www.gorillawalker.com/quiet-time-piano-vol-2.pdf
    • http://www.gorillawalker.com/fascinating-science-experiments-for-young-people-dover-children-s-science.pdf
    • http://www.gorillawalker.com/true-stories-of-the-korean-comfort-women-the-korean-council.pdf
    • http://www.gorillawalker.com/smoldering-the-prince-of-zammar-3-kindle-edition.pdf
    • http://www.gorillawalker.com/entrevoir-hardcover.pdf
    • http://www.gorillawalker.com/the-norton-anthology-of-english-literature-the-major-authors-ninth.pdf
    XMP metadata namespace URIs (schema identifiers from the document's metadata stream, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
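The link-farm check above, and the per-channel attribution that EMBEDDED_URL refers to, as an added example. This is not the scanner's code and not part of the original report: it works over raw PDF bytes, pulls URIs out of link-annotation /URI actions (literal and hex strings) with a regex, and keeps them apart from URLs that only appear inside the XMP metadata packet, so namespace identifiers such as the w3.org and ns.adobe.com entries are never counted as clickable links. The thresholds, the example-farm.test host and the sample PDF it builds in memory are all assumptions constructed for the demonstration.

```python
"""Link-farm triage for a PDF: count clickable external URIs per host.

Added example for this report; it is not the scanner's own code.  It builds a
constructed sample PDF in memory, pulls URIs out of link-annotation actions
(/S /URI) with a regex, and keeps them apart from URLs that only appear in the
XMP metadata stream (RDF, Dublin Core, Adobe XMP and PDF/A namespace
identifiers), which are not clickable.  All thresholds are assumed values.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed thresholds (not the scanner's): what counts as "small" and "mass".
SMALL_PDF_BYTES = 200 * 1024      # file size ceiling for the heuristic
MIN_LINKS = 20                    # minimum clickable external links
DOMINANT_HOST_SHARE = 0.8         # share of links on the single top host

# /URI value as a literal string (...) or a hex string <...>; the "/S /URI"
# key is skipped automatically because its value is a name, not a string.
URI_VALUE_RE = re.compile(rb"/URI\s*(?:\(([^)]*)\)|<([0-9A-Fa-f\s]*)>)")
XMP_PACKET_RE = re.compile(rb"<\?xpacket begin=.*?<\?xpacket end=.*?\?>", re.S)
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")


def _decode_uri(literal, hexstr):
    """Decode one regex hit.  Only the common escapes are handled; a literal
    string containing an escaped ')' is out of scope for this example."""
    if hexstr is not None:
        digits = re.sub(rb"\s", b"", hexstr)
        if len(digits) % 2:            # PDF pads an odd trailing digit with 0
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii")).decode("latin-1")
    return (literal.replace(rb"\(", b"(").replace(rb"\)", b")")
            .replace(rb"\\", b"\\").decode("latin-1"))


def extract_urls(pdf_bytes):
    """Split extracted URLs by the channel that reached them."""
    links = [_decode_uri(m.group(1), m.group(2))
             for m in URI_VALUE_RE.finditer(pdf_bytes)]
    xmp = []
    for packet in XMP_PACKET_RE.finditer(pdf_bytes):
        xmp.extend(u.decode("latin-1") for u in URL_RE.findall(packet.group(0)))
    return {"link_annotation": links, "xmp_metadata": xmp}


def link_farm_score(pdf_bytes):
    """Apply the link-farm heuristic to the clickable channel only."""
    urls = extract_urls(pdf_bytes)
    hosts = Counter(urlsplit(u).hostname or "" for u in urls["link_annotation"])
    total = sum(hosts.values())
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / total if total else 0.0
    flagged = (len(pdf_bytes) <= SMALL_PDF_BYTES and total >= MIN_LINKS
               and share >= DOMINANT_HOST_SHARE)
    return {"clickable_links": total, "top_host": top_host,
            "top_host_share": round(share, 3),
            "metadata_uris": len(urls["xmp_metadata"]), "flagged": flagged}


def build_sample_pdf(link_urls, xmp_namespaces):
    """Constructed sample (not the analysed file): one page whose /Annots are
    /Link annotations with /URI actions, plus an XMP stream whose xmlns
    attributes carry namespace URIs.  No xref table; the regexes need none."""
    annots, objs = [], []
    for i, url in enumerate(link_urls):
        num = 5 + i
        annots.append(f"{num} 0 R")
        objs.append(f"{num} 0 obj\n<< /Type /Annot /Subtype /Link "
                    f"/Rect [0 {i * 12} 200 {i * 12 + 10}] "
                    f"/A << /S /URI /URI ({url}) >> >>\nendobj\n")
    xmp = ('<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>'
           '<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           + " ".join(f'xmlns:ns{i}="{ns}"' for i, ns in enumerate(xmp_namespaces))
           + '></rdf:RDF></x:xmpmeta><?xpacket end="w"?>')
    body = ("%PDF-1.4\n"
            "1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>\nendobj\n"
            "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            f"/Annots [{' '.join(annots)}] >>\nendobj\n"
            f"4 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
            f"stream\n{xmp}\nendstream\nendobj\n"
            + "".join(objs) + "trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return body.encode("latin-1")


# Constructed inputs: 40 links on one assumed host plus one stray link, and
# three of the XMP namespaces that appear in the report's URL list.
SAMPLE_LINKS = [f"http://www.example-farm.test/book-{i}.pdf" for i in range(40)]
SAMPLE_LINKS.append("https://other.example.test/a.pdf")
SAMPLE_XMP = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#",
              "http://purl.org/dc/elements/1.1/",
              "http://ns.adobe.com/xap/1.0/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP)
BENIGN_PDF = build_sample_pdf(["https://a.example.test/", "https://b.example.test/"],
                              SAMPLE_XMP)

if __name__ == "__main__":
    print(link_farm_score(SAMPLE_PDF))
    print(link_farm_score(BENIGN_PDF))
```

Running the module prints the scores for the constructed farm PDF (flagged, 41 clickable links on one dominant host, 3 metadata-only URIs) and for the two-link benign PDF (not flagged). Note that the regex pass deliberately reads only raw, uncompressed objects; a real scanner has to inflate object streams and FlateDecode'd content first, or a link farm hidden in an object stream will look like a document with no links at all.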