Malicious PDF — malware analysis report

Static analysis result for SHA-256 44a7dc8d9d83766d…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-08 04:08:12 +03:00
Authoring application: dvips 5.72 Copyright 1997 Radical Eye Software (www.radicaleye.com) (via Acrobat Distiller 5.0.5 (Windows))
MD5: 8224e987c9196eba765d04ecb3281b85
SHA-1: 380ef302ebacb9f7d02233727c3d89bd3bf1f7fd
SHA-256: 44a7dc8d9d83766d88f28aff7edb8fbb2eb76e431c3a505ac385b6628bf29a47
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with the first URL being http://www.gorillawalker.com/pork-harvest-to-home.pdf. This suggests the document is likely used for SEO manipulation or to distribute further malicious content through these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/pork-harvest-to-home.pdf