Malicious PDF — malware analysis report

Static analysis result for SHA-256 1bd35fd3d3e95d95…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2018-11-14 11:32:09 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 9b219085ce1dcf79679afdad1fd4e6bb
SHA-1: c72a95f9a8c809634c376ab5e773fd6067cacfd4
SHA-256: 1bd35fd3d3e95d95ec924c0fa610c7793e1321b14ac3aa24b2311809171982d4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.