Malicious PDF — malware analysis report

Static analysis result for SHA-256 3011b6650e6e9be6…

MALICIOUS

PDF

File size: 43.4 KB
Created: 2018-11-23 08:07:55 +03:00
Authoring application: QuarkXPress(R) 9.54
MD5: f469f8ebbe2a31b5f4d955bcc4c1653d
SHA-1: b19393b1c830454ff84c921fc6269f55def23eeb
SHA-256: 3011b6650e6e9be6665f89148404d75e469c94fe17b89ebaf1f2cdf5ab96fb92
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to other PDF documents on the same domain, as flagged by the PDF_SEO_LINK_FARM heuristic. This pattern is consistent with a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, rather than with normal document citations. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. No scripts were extracted from this sample, and the document body was heavily obfuscated and truncated, which prevented deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.