Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a9c38928b318874…

MALICIOUS

PDF

Size: 47.4 KB
Created: 2019-03-18 02:05:06 +03:00
Authoring application: Adobe InDesign CS4 (6.0.4) (via Adobe PDF Library 9.0)
MD5: c06f68845085859982b72d641aadb6c3
SHA-1: 332487af3739197f9889afd1eca103c2ac135dad
SHA-256: 3a9c38928b318874362ca369b4f1a3413b33fe79e29c4adec2a26b310e82170a
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded links, suggesting a link farm or distribution mechanism. While no scripts were extracted, the sheer volume of links points to a likely SEO manipulation or content distribution attack pattern. The embedded URLs are the primary IOCs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical): PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info): EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.