Malicious PDF — malware analysis report

Static analysis result for SHA-256 1ab0276f5905e73f…

MALICIOUS

PDF

44.5 KB Created: 2018-12-14 20:01:08 +03:00 Authoring application: Acrobat PDFMaker 11 for Word (via Adobe PDF Library 11.0)
MD5: 46b33bc4cc4ddc4f90b58c87a411eaa1 SHA-1: 8b6516482242688242040f24257446f6d02dad4e SHA-256: 1ab0276f5905e73f8a209f29d937297fd41dc7e44ef1f396fb7cca459a398e46
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to serve as a distribution point for further malicious content. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/erotica-alpha-man-trains-big-beautiful-woman-explicit-bbw-romance.pdf
    • http://www.gorillawalker.com/heap-house-book-one-the-iremonger-trilogy.pdf
    • http://www.gorillawalker.com/belgium-the-land-and-the-people.pdf
    • http://www.gorillawalker.com/advanced-practice-palliative-nursing.pdf
    • http://www.gorillawalker.com/cross-border-cooperation-structures-in-europe-learning-from-the-past.pdf
    • http://www.gorillawalker.com/chinese-cooking-for-dummies.pdf
    • http://www.gorillawalker.com/introducing-maven.pdf
    • http://www.gorillawalker.com/ecocities-rebuilding-cities-in-balance-with-nature.pdf
    • http://www.gorillawalker.com/fragments.pdf
    • http://www.gorillawalker.com/the-black-widow-the-catherine-nevin-story.pdf
    • http://www.gorillawalker.com/debating-war-why-arguments-opposing-american-wars-and-interventions-fail.pdf
    • http://www.gorillawalker.com/the-underdog-edge-how-ordinary-people-change-the-minds-of.pdf
    • http://www.gorillawalker.com/loverboy-an-irwin-hasen-story-pb.pdf
    • http://www.gorillawalker.com/bobbsey-twins-05-the-mystery-at-snow-lodge.pdf
    • http://www.gorillawalker.com/button-man-kindle-edition.pdf
    • http://www.gorillawalker.com/introductory-textbook-of-psychiatry-sixth-edition.pdf
    • http://www.gorillawalker.com/cherry-orchard-a-comedy-in-four-acts.pdf
    • http://www.gorillawalker.com/alberto-pinto-signature-interiors.pdf
    • http://www.gorillawalker.com/the-global-money-markets.pdf
    • http://www.gorillawalker.com/covenant-marriage-staying-together-for-life.pdf
    • http://www.gorillawalker.com/kingdom-living-how-to-activate-your-spiritual-authority.pdf
    • http://www.gorillawalker.com/boko-haram-in-nigeria-encyclopedia-confronting-terrorism-from-the-islamic.pdf
    • http://www.gorillawalker.com/terminal-iron-works-the-sculpture-of-david-smith.pdf
    • http://www.gorillawalker.com/savearound-spokane-2014-coupon-book.pdf
    • http://www.gorillawalker.com/green-s-functions-with-applications.pdf
    • http://www.gorillawalker.com/utopia.pdf
    • http://www.gorillawalker.com/yertle-the-turtle-version-2.pdf
    • http://www.gorillawalker.com/100-beauty-techniques.pdf
    • http://www.gorillawalker.com/straight-talk-for-the-new-public-speaker-2nd-edition.pdf
    • http://www.gorillawalker.com/the-empowered-leader-10-keys-to-servant-leadership.pdf
    • http://www.gorillawalker.com/caffeine-makes-me-bleed-and-how-it-can-poison-you.pdf
    • http://www.gorillawalker.com/soul-choices-six-paths-to-find-fulfilling-relationships.pdf
    • http://www.gorillawalker.com/lost-in-language-a-tragicomic-memoir-about-how-one-man.pdf
    • http://www.gorillawalker.com/blues-jazz-rock-rags-book-2-12-original-piano-solos.pdf
    • http://www.gorillawalker.com/management-models-for-corporate-social-responsibility.pdf
    • http://www.gorillawalker.com/advances-in-chemical-physics-fractals-diffusion-and-relaxation-in-disordered.pdf
    • http://www.gorillawalker.com/chemical-for-community-dental-oral-care-medical-technology-midwifery-maternal.pdf
    • http://www.gorillawalker.com/by-thomas-kinkade-thomas-kinkade-the-disney-dreams-collection-2015.pdf
    • http://www.gorillawalker.com/mountain-bike-indiana-an-atlas-of-indiana-s-greatest-off.pdf
    • http://www.gorillawalker.com/the-best-ever-book-of-roofer-jokes-lots-and-lots.pdf
    • http://www.gorillawalker.com/cross-bor
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.