Malicious PDF — malware analysis report

Static analysis result for SHA-256 448815125bc8681e…

Verdict: MALICIOUS
File type: PDF
Size: 42.8 KB
Created: 2018-12-07 18:28:51 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 8.0.0 (Windows))
MD5: f299ead63952dc16d0f5b4231336e9cc
SHA-1: a4529ad126105425ee060e43fce046dfa3560c9e
SHA-256: 448815125bc8681e5f3682507449c20f9581a1e82d69883e3167346d412766b8
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly to manipulate search engine results or to serve as a distribution point for further malicious content. The document body itself is heavily obfuscated and does not provide clear textual clues.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.