Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f72a4b2fd7e84f3…

Verdict: MALICIOUS
File type: PDF

Size: 44.0 KB
Created: 2019-03-16 19:41:26 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: 2090f4af2d87c4e721814e5c828fcc7f
SHA-1: 0a762a1ce137f764b0def8512a5fb6b52f6f636e
SHA-256: 3f72a4b2fd7e84f3bb3462f83214a382377dc1f9d05d2bd7d3adc6f3532fd30f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as flagged by the PDF_SEO_LINK_FARM heuristic, and the ML_NYX_PDF_MALICIOUS classifier scored it malicious with high confidence. Every clickable link points at a single host, www.gorillawalker.com, which is consistent with a link farm or distribution point rather than a normal document citation pattern. The remaining extracted URLs (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the document's metadata stream, not link targets, and should not be treated as indicators. No scripts were extracted and the document body was unreadable, which limits analysis of the specific lure; in particular, the T1059.001 (PowerShell) mapping is not backed by any extracted content and should be treated as low confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/the-chemistry-of-the-actinide-and-transactinide-elements-set-vol.pdf
    • http://www.gorillawalker.com/a-history-of-children-s-play-and-play-environments-toward.pdf
    • http://www.gorillawalker.com/by-castro-mauricio-tango-the-structure-of-the-dance-vol.pdf
    • http://www.gorillawalker.com/learners-with-mild-disabilities-a-characteristics-approach-second-edition.pdf
    • http://www.gorillawalker.com/marriage-minute-quick-and-simple-ways-to-build-a-divorce.pdf
    • http://www.gorillawalker.com/guitar-atlas-brazil-your-passport-to-a-new-world-of.pdf
    • http://www.gorillawalker.com/spear-a-spear-in-flight-volume-1.pdf
    • http://www.gorillawalker.com/results-in-grammar-ks2-results-in-english.pdf
    • http://www.gorillawalker.com/the-skinny-on-outreach-a-big-youth-ministry-topic-in.pdf
    • http://www.gorillawalker.com/software-methods-for-business-reengineering.pdf
    • http://www.gorillawalker.com/haunted-hearts-a-lana-malloy-paranormal-mystery-volume-1.pdf
    • http://www.gorillawalker.com/freezer-meals-for-every-kitchen-box-set-3-in-1.pdf
    • http://www.gorillawalker.com/an-introduction-to-christian-theology-introduction-to-religion.pdf
    • http://www.gorillawalker.com/the-cosmic-new-year-a-course-of-lectures-by-rudolf.pdf
    • http://www.gorillawalker.com/the-wolf-hunters-a-story-of-the-buffalo-plains-classic.pdf
    • http://www.gorillawalker.com/dk-eyewitness-travel-guide-dublin.pdf
    • http://www.gorillawalker.com/scholastic-reader-level-1-clifford-and-the-halloween-parade.pdf
    • http://www.gorillawalker.com/bedtime-collection.pdf
    • http://www.gorillawalker.com/arctic-journal.pdf
    • http://www.gorillawalker.com/the-spyware-affair-dave-duggan-s-revenge-book-3-kindle.pdf
    • http://www.gorillawalker.com/evening-star-from-tannhauser-opera-vocal-and-pianoforte-sheet-music.pdf
    • http://www.gorillawalker.com/discovering-chemistry-with-natural-bond-orbitals.pdf
    • http://www.gorillawalker.com/teach-me-with-pictures-40-fun-picture-scripts-to-develop.pdf
    • http://www.gorillawalker.com/toefl-itp-practice-tests.pdf
    • http://www.gorillawalker.com/elias-de-buxton-punto-de-encuentro-editorial-everest-spanish-edition.pdf
    • http://www.gorillawalker.com/applied-crystallography-proceedings-of-the-xvii-international-conference.pdf
    • http://www.gorillawalker.com/the-sixth-gun-sons-of-the-gun-tp.pdf
    • http://www.gorillawalker.com/an-army-of-ex-lovers-my-life-at-the-gay.pdf
    • http://www.gorillawalker.com/the-complete-idiot-s-guide-to-the-art-of-songwriting.pdf
    • http://www.gorillawalker.com/kjv-lectern-with-apocrypha-black-imitation-a291.pdf
    • http://www.gorillawalker.com/vector-analysis-and-quaternions-by-alexander-macfarlane.pdf
    • http://www.gorillawalker.com/taming-my-mind.pdf
    • http://www.gorillawalker.com/hearing-sciences-a-foundational-approach-the-allyn-bacon-communication-sciences.pdf
    • http://www.gorillawalker.com/warren-ellis-frankenstein-s-womb.pdf
    • http://www.gorillawalker.com/research-methods-for-the-behavioral-sciences-psy-200-300-quantitative.pdf
    • http://www.gorillawalker.com/aluminium-smelting-health-environmental-and-engineering-perspectives.pdf
    • http://www.gorillawalker.com/sinnerman-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/bitter-crossroad-the-zook-family-revisited-volume-2.pdf
    • http://www.gorillawalker.com/fr-d-ric-chopin-a-research-and-information-guide-routledge.pdf
    • http://www.gorillawalker.com/living-with-hepatitis-b-a-survivor-s-guide.pdf
    • http://www.gorillawalker.com/learners-with-m
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
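As an added, illustrative example (not the analysis engine's own code), the following pure-Python triage script reproduces the PDF_SEO_LINK_FARM check described above and shows why only /URI link actions, rather than every http string in the file, should be counted: the XMP namespace identifiers at the end of the EMBEDDED_URL list sit in the metadata stream, never inside an action dictionary, and so never enter the count. The thresholds (256 KB, 20 links, 80% of links on one host), the host example.invalid and the constructed sample PDF are assumptions made for the example, not values taken from the report.

```python
"""Triage check for the PDF_SEO_LINK_FARM pattern: many clickable external
links clustered on one host inside a small PDF. Standard library only."""
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Illustrative thresholds; the report does not publish its own (assumption).
MAX_SIZE_BYTES = 256 * 1024
MIN_LINKS = 20
MIN_TOP_HOST_SHARE = 0.8

# The /URI key of a link action followed by a literal "(...)" or hex "<...>"
# string. "/S /URI" is followed by a name, not a string, so it is skipped.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode_literal(raw: bytes) -> str:
    # Minimal PDF literal-string unescape (\(, \), \\), enough for URLs.
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def _decode_hex(raw: bytes) -> str:
    digits = re.sub(rb"\s", b"", raw)
    if len(digits) % 2:
        digits += b"0"  # PDF pads an odd trailing hex digit with 0
    return bytes.fromhex(digits.decode("ascii")).decode("latin-1")


def _candidate_buffers(pdf: bytes):
    # Raw file first, then every stream we can inflate: in PDF 1.5+ the
    # annotation dictionaries often live inside Flate-compressed object streams.
    yield pdf
    for m in _STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-compressed (e.g. the XMP metadata stream)


def extract_link_uris(pdf: bytes) -> list:
    """URIs reached through /URI link actions only. XMP namespace identifiers
    (w3.org, purl.org, ns.adobe.com, ...) are XML attributes in the metadata
    stream, not action targets, so they are not collected."""
    uris = []
    for buf in _candidate_buffers(pdf):
        for lit, hexs in _URI_RE.findall(buf):
            uris.append(_decode_literal(lit) if lit else _decode_hex(hexs))
    return uris


def link_farm_verdict(pdf: bytes) -> dict:
    """Apply the small-file / many-links / one-host rule and report the evidence."""
    uris = [u for u in extract_link_uris(pdf) if urlparse(u).scheme in ("http", "https")]
    hosts = Counter(urlparse(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(uris) if uris else 0.0
    pdf_targets = sum(urlparse(u).path.lower().endswith(".pdf") for u in uris)
    return {
        "size": len(pdf),
        "external_links": len(uris),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "pdf_targets": pdf_targets,
        "link_farm": (len(pdf) <= MAX_SIZE_BYTES and len(uris) >= MIN_LINKS
                      and share >= MIN_TOP_HOST_SHARE),
    }


def build_sample_pdf(n_links: int, host: str = "example.invalid") -> bytes:
    """Constructed sample (not a real malware file): n_links URI annotations on
    one host inside a Flate-compressed stream, plus an XMP metadata stream whose
    namespace URIs must NOT be counted as links."""
    annots = b"".join(
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (http://%s/book-%d.pdf) >> >>\n" % (host.encode(), i)
        for i in range(n_links))
    packed = zlib.compress(annots)
    xmp = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>')
    parts = [
        b"%PDF-1.5\n",
        b"1 0 obj << /Type /Catalog /Metadata 3 0 R >> endobj\n",
        b"2 0 obj << /Length " + str(len(packed)).encode()
        + b" /Filter /FlateDecode >>\nstream\n",
        packed,
        b"\nendstream\nendobj\n",
        b"3 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(xmp)).encode()
        + b" >>\nstream\n",
        xmp,
        b"\nendstream\nendobj\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    print(link_farm_verdict(build_sample_pdf(40)))
```

Running the script against the constructed 40-link sample reports all links on example.invalid, all targets ending in .pdf and link_farm True; the three XMP namespace URIs in the metadata stream are not extracted at all. To use it on a real file, read the bytes and pass them to link_farm_verdict; note that it inflates only FlateDecode streams, so links stored under other filters would need a fuller parser.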