Malicious PDF — malware analysis report

Static analysis result for SHA-256 3338bcece4e543eb…

Verdict: MALICIOUS
File type: PDF
Size: 42.9 KB
Created: 2018-12-07 18:28:53 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
(Creation date and authoring application are read from the document's own Info/XMP metadata, which the producer controls; they do not establish provenance.)
MD5: 4fd5c65d26a46ebad28042a6b0352317
SHA-1: a7e2b3807409e080eb5e9ac8bea6c45474246a73
SHA-256: 3338bcece4e543eb881613555f1f98ccc29664ae4d8412d7a6e15cf09c55b522
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Link (the T1566.002 ID denotes Spearphishing Link, not Spearphishing Attachment; the sample's payload is its outbound links)
T1059.001 PowerShell (not supported by the static findings: no script content was extracted from this sample)

The PDF_SEO_LINK_FARM heuristic fired because this 42.9 KB document carries 40 clickable external links, every one of them pointing at a further .pdf path on a single host (www.gorillawalker.com); the ML classifier independently scored it malicious (0.9181). No script content was extracted, so the file is a carrier rather than an exploit: the volume and uniformity of the links match a generated SEO/link-farm PDF used to route readers into a malicious or unwanted-software delivery chain rather than a normal citation pattern. The 40 gorillawalker.com URLs, and the host itself, are the primary IOCs. The nine remaining URIs in the extracted list (RDF, Dublin Core, XMP, PDF and PDF/A namespaces) come from the document's XMP metadata stream, are present in almost every PDF, and are not indicators.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern. In this sample all 40 clickable links target .pdf paths on www.gorillawalker.com.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; what matters is the channel that reached it (macro, JS, link annotation, document body, ...). The per-URL channel labels are not reproduced on this page. For this sample the 40 gorillawalker.com URLs are the clickable links counted by PDF_SEO_LINK_FARM, and the nine URIs that follow them are XMP namespace identifiers from the metadata stream.
    • http://www.gorillawalker.com/chtob-znali-so-you-know-izbrannoye-1966-1998-selected-works.pdf
    • http://www.gorillawalker.com/gran-atlas-mcminn-de-anatomia-humana-spanish-edition.pdf
    • http://www.gorillawalker.com/enquire-within-upon-everything-1890.pdf
    • http://www.gorillawalker.com/sugars-and-fats-healthy-eating-with-myplate-kindle-edition.pdf
    • http://www.gorillawalker.com/le-combat-contre-les-gaspilleurs-french-edition.pdf
    • http://www.gorillawalker.com/the-lutheran-chorales-in-the-organ-works-of-j-s.pdf
    • http://www.gorillawalker.com/eye-on-israel-how-america-came-to-view-israel-as.pdf
    • http://www.gorillawalker.com/by-itmb-canada-laos-cambodia-itmb-map-1-1-200.pdf
    • http://www.gorillawalker.com/dinky-dau-love-war-and-the-corps-a-vietnam-war.pdf
    • http://www.gorillawalker.com/filtering-and-prediction-a-primer-student-mathematical-library.pdf
    • http://www.gorillawalker.com/the-debt-4-club-alpha.pdf
    • http://www.gorillawalker.com/alleged-assassination-plots-involving-foreign-leaders-1975-us-senate-report.pdf
    • http://www.gorillawalker.com/freeing-the-dead-sea-scrolls-and-other-adventures-of-an.pdf
    • http://www.gorillawalker.com/oil-and-gas-production-in-kansas-1982.pdf
    • http://www.gorillawalker.com/world-scripture-a-comparative-anthology-of-sacred-texts.pdf
    • http://www.gorillawalker.com/nba-greats-2016-calendar.pdf
    • http://www.gorillawalker.com/safe-schools-now-arming-america-s-teachers.pdf
    • http://www.gorillawalker.com/selling-your-house-nolo-s-essential-guide.pdf
    • http://www.gorillawalker.com/probabilistic-methods-for-bioinformatics-with-an-introduction-to-bayesian-networks.pdf
    • http://www.gorillawalker.com/stone-of-tymora-forgotten-realms.pdf
    • http://www.gorillawalker.com/dark-child-a-novel-zane-presents.pdf
    • http://www.gorillawalker.com/applied-codeology-understanding-the-2005-national-electric-code.pdf
    • http://www.gorillawalker.com/spreadsheet-models-for-urban-and-regional-analysis.pdf
    • http://www.gorillawalker.com/quick-reference-to-neurological-critical-care-nursing-aspen-series-quick.pdf
    • http://www.gorillawalker.com/meatmen-an-anthology-of-gay-male-comics-volume-1.pdf
    • http://www.gorillawalker.com/a-clinical-guide-to-chinese-herbs-and-formulae-1e.pdf
    • http://www.gorillawalker.com/solid-state-lasers-new-developments-and-applications-nato-science-series.pdf
    • http://www.gorillawalker.com/a-shadowy-passage-hanoi-the-ultimate-journey.pdf
    • http://www.gorillawalker.com/mergence-d-une-langue-urbaine-le-sheng-de-nairobi-afrique.pdf
    • http://www.gorillawalker.com/noch-eins-tales-from-the-terrapin-keller.pdf
    • http://www.gorillawalker.com/crit-assess-jung-v-1-critical-assessments-of-leading-psychologists.pdf
    • http://www.gorillawalker.com/puentes-y-fronteras-bridges-and-borders-bridges-and-borders.pdf
    • http://www.gorillawalker.com/del-viernes-negro-a-la-revoluci-n-bolivariana-el-ocaso.pdf
    • http://www.gorillawalker.com/introduction-to-the-theory-of-constraints-toc-management-system-the.pdf
    • http://www.gorillawalker.com/an-introduction-to-buddhism-teachings-history-and-practices-introduction-to.pdf
    • http://www.gorillawalker.com/ense-ando-y-vendiendo-bienes-ra-ces-spanish-edition.pdf
    • http://www.gorillawalker.com/blue-dragon-dark-heavens-book-three-dark-heavens-trilogy.pdf
    • http://www.gorillawalker.com/arcane-the-arinthian-line-volume-1-arinthian-line-series-book.pdf
    • http://www.gorillawalker.com/foreign-exchange-operations-master-trading-agreements-settlement-and-collateral.pdf
    • http://www.gorillawalker.com/the-origin-of-capitalism.pdf
    The following nine URIs are XMP/RDF schema namespace identifiers from the metadata stream, present in most PDFs; they are not clickable links and not indicators:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
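The two checks this report describes, EMBEDDED_URL with a per-URL channel label and the PDF_SEO_LINK_FARM host-clustering heuristic, can be reproduced over a PDF byte string with the standard library alone. The script below is an added example; it is not code from this report or from the analysis engine that produced it. Its thresholds (MAX_SIZE, MIN_LINKS, MIN_TOP_HOST_SHARE) are assumptions, since the report does not publish the engine's cut-offs; the sample PDF builder, the off-host example.org link and the regex-based object parsing are likewise constructed for the demonstration. Eight of the link slugs and all nine namespace URIs are taken from the list above. The point the URL list alone does not make explicit is shown directly: URIs reached through the XMP metadata channel are labelled as schema namespaces and never enter the IOC set, while clickable /Link annotations do.

```python
"""Added example (not the report's engine): label each URL in a PDF by the
channel that reached it and apply a link-farm heuristic; stdlib only."""
from __future__ import annotations
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed thresholds; the report does not publish the engine's real cut-offs.
MAX_SIZE, MIN_LINKS, MIN_TOP_HOST_SHARE = 200 * 1024, 8, 0.80

# Schema namespaces seen in nearly every XMP metadata stream: identifiers, not links.
XMP_NAMESPACE_PREFIXES = ("http://www.w3.org/1999/02/22-rdf-syntax-ns",
                          "http://purl.org/dc/elements/1.1/",
                          "http://ns.adobe.com/", "http://www.aiim.org/pdfa/ns/")

_ACTION_RE = re.compile(rb"/A\s*<<(.*?)>>", re.S)               # flat inline action dicts only
_URI_STRING_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)   # literal string to unescaped ')'
_XMP_BLOCK_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)
_HTTP_RE = re.compile(rb"https?://[^\s\"'<>]+")

def _unescape(raw: bytes) -> str:
    """Undo the PDF literal-string escapes that matter for a URL."""
    return raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\").decode("latin-1")

def extract_urls(pdf: bytes) -> list[tuple[str, str]]:
    """(url, channel) pairs. Real files also have indirect objects, nested
    dicts and FlateDecode'd object streams; use pypdf or pdfminer for those."""
    found = []
    for action in _ACTION_RE.finditer(pdf):
        body = action.group(1)
        m = _URI_STRING_RE.search(body) if re.search(rb"/S\s*/URI\b", body) else None
        if m:
            found.append((_unescape(m.group(1)), "link_annotation"))
    for block in _XMP_BLOCK_RE.finditer(pdf):
        found += [(m.group(0).decode("latin-1"), "xmp_metadata") for m in _HTTP_RE.finditer(block.group(0))]
    return found

def label_url(url: str, channel: str) -> str:
    if channel == "xmp_metadata" and url.startswith(XMP_NAMESPACE_PREFIXES):
        return "schema_namespace"          # present in almost every PDF; never an IOC
    return "clickable_link" if channel == "link_annotation" else "metadata_url"

def triage(pdf: bytes) -> dict:
    """Per-URL labels plus the IOC set (everything except schema namespaces)."""
    labelled = [(u, ch, label_url(u, ch)) for u, ch in extract_urls(pdf)]
    iocs = sorted({u for u, _, lab in labelled if lab != "schema_namespace"})
    hosts = sorted({h for h in (urlsplit(u).hostname for u in iocs) if h})
    return {"urls": labelled, "ioc_urls": iocs, "ioc_hosts": hosts}

def link_farm_verdict(pdf: bytes) -> dict:
    """PDF_SEO_LINK_FARM: small file, many clickable .pdf links, mostly on one host."""
    links = [u for u, ch in extract_urls(pdf) if ch == "link_annotation"]
    pdf_links = [u for u in links if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname or "" for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(links) if links else 0.0
    hit = len(pdf) <= MAX_SIZE and len(pdf_links) >= MIN_LINKS and share >= MIN_TOP_HOST_SHARE
    return {"size": len(pdf), "links": len(links), "pdf_links": len(pdf_links),
            "top_host": top_host, "top_host_share": round(share, 3), "PDF_SEO_LINK_FARM": hit}

# Constructed XMP packet declaring the nine namespace URIs listed in the report.
SAMPLE_XMP = (
    b'<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/">'
    b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about=""'
    b' xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/"'
    b' xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"'
    b' xmlns:pdfaExtension="http://www.aiim.org/pdfa/ns/extension/"'
    b' xmlns:pdfaSchema="http://www.aiim.org/pdfa/ns/schema#"'
    b' xmlns:pdfaProperty="http://www.aiim.org/pdfa/ns/property#"'
    b' xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"/></rdf:RDF></x:xmpmeta><?xpacket end="w"?>'
)

# Eight slugs taken from the report's URL list plus one constructed off-host link.
SAMPLE_LINK_URLS = [f"http://www.gorillawalker.com/{s}.pdf" for s in (
    "the-debt-4-club-alpha", "the-origin-of-capitalism", "nba-greats-2016-calendar",
    "enquire-within-upon-everything-1890", "stone-of-tymora-forgotten-realms",
    "dark-child-a-novel-zane-presents", "oil-and-gas-production-in-kansas-1982",
    "freeing-the-dead-sea-scrolls-and-other-adventures-of-an",
)] + ["https://example.org/whitepaper.pdf"]

def build_sample_pdf(link_urls: list[str]) -> bytes:
    """Constructed, uncompressed PDF-like bytes: one /Link annotation per URL plus
    SAMPLE_XMP. It omits the xref table, so it feeds the extractor, not a viewer."""
    first = 5
    refs = " ".join(f"{first + i} 0 R" for i in range(len(link_urls)))
    out = [b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
           b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
           f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{refs}] >> endobj\n".encode(),
           b"4 0 obj << /Type /Metadata /Subtype /XML /Length %d >> stream\n" % len(SAMPLE_XMP),
           SAMPLE_XMP, b"\nendstream endobj\n"]
    for i, url in enumerate(link_urls):
        esc = url.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")
        out.append((f"{first + i} 0 obj << /Type /Annot /Subtype /Link /Rect [72 {700 - 12 * i} 300 "
                    f"{712 - 12 * i}] /A << /S /URI /URI ({esc}) >> >> endobj\n").encode("latin-1"))
    return b"".join(out) + b"%%EOF\n"
```

Call `triage(build_sample_pdf(SAMPLE_LINK_URLS))` for the labelled URL list and `link_farm_verdict(...)` for the heuristic. On the constructed sample the verdict fires (nine clickable .pdf links, eight of them on www.gorillawalker.com, a 0.889 top-host share), the nine XMP namespaces are labelled schema_namespace and stay out of `ioc_urls`, and a two-link document built the same way is not flagged. Against a real sample, swap the regex extractor for pypdf or pdfminer so that indirect action objects and compressed object streams are not silently missed.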