Malicious PDF — malware analysis report

Static analysis result for SHA-256 226ef0693b0125b6…

Verdict: MALICIOUS
File type: PDF
Size: 44.5 KB
Created: 2019-04-06 14:57:54 +03:00
Authoring application: Pages (via Mac OS X 10.11.6 Quartz PDFContext)
MD5: d8e912895ba7fec2e8988a383546ea67
SHA-1: c60c86e3418c06f28df9e9ae81c29dc27be69368
SHA-256: 226ef0693b0125b664ce0876bb7fdd97eba10c201bea72646f52b75c3dc6cb53
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-unpublished-david-ogilvy.pdf
    • http://www.gorillawalker.com/music-and-manners-in-france-and-germany-a-series-of.pdf
    • http://www.gorillawalker.com/a-visual-course-of-modelling-techniques-170-pictures-showing-how.pdf
    • http://www.gorillawalker.com/over-prairie-trails-new-canadian-library.pdf
    • http://www.gorillawalker.com/jacksonville-diy-city-guide-and-travel-journal-city-notebook-for.pdf
    • http://www.gorillawalker.com/law-s-order-what-economics-has-to-do-with-law.pdf
    • http://www.gorillawalker.com/transport-phenomena-in-rotating-machinery-proceedings-of-2nd-international-symposia.pdf
    • http://www.gorillawalker.com/men-from-the-ministry-how-britain-saved-its-heritage.pdf
    • http://www.gorillawalker.com/fuel-injection-feedback-carburetors-1978-85-automobile-repair-maintenance-series.pdf
    • http://www.gorillawalker.com/the-giving-gift-the-holy-spirit-in-person.pdf
    • http://www.gorillawalker.com/vietnam-marco-polo-guide-marco-polo-guides.pdf
    • http://www.gorillawalker.com/oil-painting-workshop.pdf
    • http://www.gorillawalker.com/introduction-to-paleobiology-and-the-fossil-record.pdf
    • http://www.gorillawalker.com/pathfinder-cards-iron-gods-adventure-path-item-cards-deck.pdf
    • http://www.gorillawalker.com/monuments-and-landscape-in-atlantic-europe-perception-and-society-during.pdf
    • http://www.gorillawalker.com/easy-christmas-carols-instrumental-solos-trombone-book-cd-alfred-s.pdf
    • http://www.gorillawalker.com/decoration-and-furniture-volume-ii-principles-of-modern-design-the.pdf
    • http://www.gorillawalker.com/homeschooling-opposing-viewpoints.pdf
    • http://www.gorillawalker.com/case-studies-in-suicide-experiences-of-mental-heath-professionals.pdf
    • http://www.gorillawalker.com/understanding-statistics-advanced.pdf
    • http://www.gorillawalker.com/introduction-to-systems-philosophy-toward-a-new-paradigm-of-contemporary.pdf
    • http://www.gorillawalker.com/the-soil-and-health-a-study-of-organic-agriculture-clark.pdf
    • http://www.gorillawalker.com/yemen-the-happy-land-flying-together-volume-6.pdf
    • http://www.gorillawalker.com/contracts-transactions-and-litigation-american-casebook.pdf
    • http://www.gorillawalker.com/gymnastics-guidelines-korean-edition.pdf
    • http://www.gorillawalker.com/martin-ortiz-tapia-this-giordano-dancer-is-always-on-the.pdf
    • http://www.gorillawalker.com/gb-5768-1999-road-traffic-signs-and-markings-propaganda-wall.pdf
    • http://www.gorillawalker.com/design-of-modern-control-systems-i-e-e-control-engineering.pdf
    • http://www.gorillawalker.com/water-chlorination-and-chloramination-practices-and-principles-m20-awwa-manual.pdf
    • http://www.gorillawalker.com/the-jungle-books-hardcover-classics.pdf
    • http://www.gorillawalker.com/twentieth-century-crime-fiction-gender-sexuality-and-the-body.pdf
    • http://www.gorillawalker.com/ultimate-guide-to-weight-training-for-racquetball-squash-ultimate-guide.pdf
    • http://www.gorillawalker.com/essays-poems-by-ralph-waldo-emerson-barnes-noble-classics-series.pdf
    • http://www.gorillawalker.com/how-you-can-turn-100-into-30-000-in-60.pdf
    • http://www.gorillawalker.com/hunger-s-mate-the-shadow-shifters-book-5-kindle-edition.pdf
    • http://www.gorillawalker.com/the-legion-bollinger-family-of-the-catawba-river-valley-vol.pdf
    • http://www.gorillawalker.com/north-africa-a-history-from-antiquity-to-the-present.pdf
    • http://www.gorillawalker.com/readings-in-ancient-history.pdf
    • http://www.gorillawalker.com/pop-cakes-in-spanish-spanish-edition.pdf
    • http://www.gorillawalker.com/look-what-came-from-italy.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/