Malicious PDF — malware analysis report

Static analysis result for SHA-256 2d930c9d3962b539…

MALICIOUS

PDF

Size: 45.1 KB
Created: 2019-04-06 14:57:29 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
MD5: a2b902fed61b62c21770170cb656f212
SHA-1: d175f81a04088102ead583ade7614c7e405b797f
SHA-256: 2d930c9d3962b539b873d88b6984b1974b5ed7996ea9b255fb64e54d35c3c30d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO spam or the distribution of malware disguised as legitimate documents. The attack pattern is inferred from the link farm heuristic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.