Malicious PDF — malware analysis report

Static analysis result for SHA-256 1f91d2bb0902635d…

MALICIOUS

PDF

40.4 KB Created: 2019-02-13 03:31:11 +03:00 Authoring application: PScript5.dll Version 5.2.2 (via iText 2.1.7 by 1T3XT)
MD5: d25ec068f281fb29fea9a3356a33f5c4 SHA-1: c7ccfdb5341537d125029dbd690d12a422545532 SHA-256: 1f91d2bb0902635d8e3f35417fea76a2729c1a1cd7dacc918287301f68df800d
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute a variety of malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/deck-of-priest-spells-ad-d-2nd-ed-game-accessory.pdf
    • http://www.gorillawalker.com/the-wiersbe-bible-study-series-minor-prophets-vol-2-demonstrating.pdf
    • http://www.gorillawalker.com/comptia-strata-green-it-certblaster-ilt.pdf
    • http://www.gorillawalker.com/ethics-and-public-administration-bureaucracies-public-administration-and-public-policy.pdf
    • http://www.gorillawalker.com/carnival-in-rio.pdf
    • http://www.gorillawalker.com/the-anglo-american-ballad-a-folklore-casebook-routledge-library-editions.pdf
    • http://www.gorillawalker.com/the-development-of-the-american-presidency.pdf
    • http://www.gorillawalker.com/beginner-s-guide-how-to-become-an-architect-architecture-career.pdf
    • http://www.gorillawalker.com/german-sniper-rifles-propaganda-photo-hardcover-2011-author-albrecht-wacker.pdf
    • http://www.gorillawalker.com/wharton-revisited.pdf
    • http://www.gorillawalker.com/when-johnny-comes-marching-home-music-of-the-civil-war.pdf
    • http://www.gorillawalker.com/bridge-tnt-and-competitive-bidding-batsford-bridge-series.pdf
    • http://www.gorillawalker.com/handbook-of-microwave-and-optical-components-microwave-passive-and-antenna.pdf
    • http://www.gorillawalker.com/the-consequences.pdf
    • http://www.gorillawalker.com/metropolitan-migrants-the-migration-of-urban-mexicans-to-the-united.pdf
    • http://www.gorillawalker.com/secrets-of-the-voice-read-people-and-influence-others-using.pdf
    • http://www.gorillawalker.com/refugio-trilogia-enclave-spanish-edition.pdf
    • http://www.gorillawalker.com/triad-book-five-of-the-courtland-chronicles.pdf
    • http://www.gorillawalker.com/shtf-race-wars-episode-two-an-ongoing-shtf-survival-series.pdf
    • http://www.gorillawalker.com/food-allergies-for-dummies-paperback-2007-author-robert-a-wood.pdf
    • http://www.gorillawalker.com/road-warriors.pdf
    • http://www.gorillawalker.com/digital-satellite-services-installation-and-maintenance.pdf
    • http://www.gorillawalker.com/teaching-beginning-writing.pdf
    • http://www.gorillawalker.com/every-landlord-s-guide-to-finding-great-tenants.pdf
    • http://www.gorillawalker.com/modelling-freight-transport-elsevier-insights.pdf
    • http://www.gorillawalker.com/life-after-hockey.pdf
    • http://www.gorillawalker.com/perl-for-bioinformatics.pdf
    • http://www.gorillawalker.com/messenger-all-the-bible-teaches-about-kindle-edition.pdf
    • http://www.gorillawalker.com/collins-and-lyne-s-microbiological-methods-8ed.pdf
    • http://www.gorillawalker.com/hockey-the-greatest-players.pdf
    • http://www.gorillawalker.com/the-ocean-wise-cookbook-seafood-recipes-that-are-good-for.pdf
    • http://www.gorillawalker.com/sharpen-your-tactics-1125-brilliant-sacrifices-combinations-and-studies.pdf
    • http://www.gorillawalker.com/17-mile-drive.pdf
    • http://www.gorillawalker.com/human-rights-confronting-myths-and-misunderstandings.pdf
    • http://www.gorillawalker.com/dave-matthews-band-busted-stuff-play-it-like-it-is.pdf
    • http://www.gorillawalker.com/kurdish-phrasebook-and-culture-a-beginner-s-guide-to-developing.pdf
    • http://www.gorillawalker.com/discovering-behavioral-neuroscience-an-introduction-to-biological-psychology.pdf
    • http://www.gorillawalker.com/are-ufos-real-unexplained-what-s-the-evidence.pdf
    • http://www.gorillawalker.com/the-luneburg-variation.pdf
    • http://www.gorillawalker.com/seeking-sophia-kindle-edition.pdf
    • http://www.gorillawalker.com/the-anglo-american-ballad-a-folklore-c
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.