Malicious PDF — malware analysis report

Static analysis result for SHA-256 39f93364d55ce793…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-11-15 02:40:53 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
MD5: 7925d1737fb8c34d9ec3edbeb9734cd6
SHA-1: 4e35162cdde71a4d5b134f644f0ca830a4c4e50c
SHA-256: 39f93364d55ce79362c824ec80ec61f21b6d07b3bf84d019f2d49fe3c077dba1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links points towards malicious intent, likely to distribute further malicious content or to engage in SEO spam.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.