Malicious PDF — malware analysis report

Static analysis result for SHA-256 2558e9151e67505f…

MALICIOUS

PDF

Size: 32.5 KB
Created: 2020-02-21 02:26:01 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: c0831f0ae55c1d78f90de5eeb1ccc517
SHA-1: 8b73e03454f12b3d401f342bc8691b97e608cbd9
SHA-256: 2558e9151e67505f525b40d1ca0ed38ed3ace487f319f0ea32ec6ace6acb4652
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links to other PDF documents hosted on the same domain. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/discovery-of-ancient-america.pdf
    • http://www.gorillawalker.com/mail-order-bride-westward-spirit-clean-historical-cowboy-romance-novel.pdf
    • http://www.gorillawalker.com/gaudi-taschen-wall-calendars.pdf
    • http://www.gorillawalker.com/slovo-the-unfinished-autobiography-of-anc-leader-joe-slovo.pdf
    • http://www.gorillawalker.com/the-hong-kong-story.pdf
    • http://www.gorillawalker.com/my-biker-baby-motorcycle-pregnancy-erotic-romance-legion-mc.pdf
    • http://www.gorillawalker.com/the-history-of-norway-bibliolife-reproduction-series.pdf
    • http://www.gorillawalker.com/the-bunyans.pdf
    • http://www.gorillawalker.com/janani-mothers-daughters-motherhood.pdf
    • http://www.gorillawalker.com/herbal-products-toxicology-and-clinical-pharmacology-forensic-science-and-medicine.pdf
    • http://www.gorillawalker.com/vat-and-the-nhs-a-comprehensive-guide-vat-guides.pdf
    • http://www.gorillawalker.com/readings-in-social-psych-mysearchlab-sac-8th-edition.pdf
    • http://www.gorillawalker.com/a-cop-story.pdf
    • http://www.gorillawalker.com/positive-discipline-for-parenting-in-recovery.pdf
    • http://www.gorillawalker.com/origami-paper-japanese-bird-patterns-8-1-4-48-sheets.pdf
    • http://www.gorillawalker.com/guide-to-distance-learning-the-practical-alternative-to-standard-classroom.pdf
    • http://www.gorillawalker.com/season-of-carols-harp-opt.pdf
    • http://www.gorillawalker.com/vocab-do-ku-challenge-your-brain-with-four-puzzles-in.pdf
    • http://www.gorillawalker.com/the-martial-arts-an-annotated-bibliography.pdf
    • http://www.gorillawalker.com/office-space-planning-designing-for-tomorrow-s-workplace-professional-architecture.pdf
    • http://www.gorillawalker.com/introduction-to-employee-fire-and-life-safety.pdf
    • http://www.gorillawalker.com/rpg-iv-jump-start-3rd-edition.pdf
    • http://www.gorillawalker.com/understanding-worshiping-sri-chakra.pdf
    • http://www.gorillawalker.com/screw-everyone-sleeping-my-way-to-monogamy-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/linear-controller-design-limits-of-performance-prentice-hall-information-and.pdf
    • http://www.gorillawalker.com/using-quickbooks-accountant-2013-with-cd-rom-and-data-file.pdf
    • http://www.gorillawalker.com/adobe-dreamweaver-cs3.pdf
    • http://www.gorillawalker.com/contemporary-studio-case-furniture-the-inside-story.pdf
    • http://www.gorillawalker.com/collins-gem-german-phrasebook-and-dictionary-collins-gem.pdf
    • http://www.gorillawalker.com/john-s-story-the-last-eyewitness-the-jesus-chronicles-book.pdf
    • http://www.gorillawalker.com/february-selected-poetry-of-boris-pasternak-kindle-edition.pdf
    • http://www.gorillawalker.com/paper-dreams-the-art-and-artists-of-disney-storyboards.pdf
    • http://www.gorillawalker.com/rensal-the-redbit-a-psychoanalytic-fairy-tale-the-karnac-library.pdf
    • http://www.gorillawalker.com/friendship-according-to-humphrey-kindle-edition.pdf
    • http://www.gorillawalker.com/the-canadian-style.pdf
    • http://www.gorillawalker.com/constitutions-in-authoritarian-regimes-comparative-constitutional-law-and-policy.pdf
    • http://www.gorillawalker.com/the-teenage-body-book-a-new-edition-for-a-new.pdf
    • http://www.gorillawalker.com/number-theory-an-introduction-to-proof.pdf
    • http://www.gorillawalker.com/guardians-of-space-and-happiness-the-qed-for-climate-change.pdf
    • http://www.gorillawalker.com/giants-don-t-go-snowboarding-1998-paperback-debbie-dadey-author.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/