Malicious PDF — malware analysis report

Static analysis result for SHA-256 2d99de45195a78d0…

MALICIOUS

PDF

  • Size: 44.0 KB
  • Created: 2018-11-14 08:20:40 +03:00
  • Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 5.0.5 (Windows))
  • MD5: 31b850564bcaee54eaad6597b7301a38
  • SHA-1: 3281827a2730c88daa8cc2adddef96a9525b7aae
  • SHA-256: 2d99de45195a78d0207c231b9bb61ed4557804cee805e8efb83f89036791f672
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or distribution mechanism. The document body is heavily obfuscated and unreadable, preventing a deeper analysis of its specific intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.