Malicious PDF — malware analysis report

Static analysis result for SHA-256 44b71011d90567d5…

Verdict: MALICIOUS
File type: PDF
Size: 41.4 KB
Created: 2018-11-14 08:16:38 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 4fcf56406c291745c117f7e9862ef089
SHA-1: 6fe41412e5a92701ec3414d10d9e0dd4db28467c
SHA-256: 44b71011d90567d54a986d273c84799bc4e939468df7d4a90c7e9717181983bc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
(T1059.001 PowerShell was also tagged by the tool, but no script content of any kind was extracted from this file, so that mapping is not supported by the static findings and should not be reported as observed behaviour.)

The file was flagged by a critical heuristic (PDF_SEO_LINK_FARM) for carrying an unusually large number of clickable external links: 41 link annotations, all pointing to .pdf paths on a single host (www.gorillawalker.com). That is the signature of a generated SEO/link-farm carrier PDF, not of a document citing sources. The Nyx PDF classifier independently scored the file 0.8242 malicious. No scripts were extracted, so the file is a lure or redirection carrier rather than an exploit or dropper: the risk lies in where the links lead (unwanted-software delivery chains or phishing pages), not in the document itself, and the indicators to act on are the link targets and the host. The producer chain is consistent with that reading: a 2018 FrameMaker/Distiller document later re-saved by iText 5.5.4, a programmatic PDF library commonly used to batch-generate or modify files, at a size (41.4 KB) where the link annotations make up most of the content. The document body text was heavily obfuscated and could not be read.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/seeds-of-peace-a-buddhist-vision-for-renewing-society.pdf
    • http://www.gorillawalker.com/occupation-diaries.pdf
    • http://www.gorillawalker.com/intellectual-property-rights-in-china-china-briefing.pdf
    • http://www.gorillawalker.com/three-uses-of-the-knife-on-the-nature-and-purpose.pdf
    • http://www.gorillawalker.com/70-contracts-law-essays-style-and-technique-law-school-e.pdf
    • http://www.gorillawalker.com/nvq-2-care-student-handbook.pdf
    • http://www.gorillawalker.com/economic-crisis-world-food-system-the-battle-against-poverty-pollution.pdf
    • http://www.gorillawalker.com/space-harmony-basic-terms.pdf
    • http://www.gorillawalker.com/public-health-nursing-9912hp-a-partner-for-healthy-populatiions-american.pdf
    • http://www.gorillawalker.com/the-newly-made-mason.pdf
    • http://www.gorillawalker.com/bleach-18-the-deathberry-returns-spanish-edition.pdf
    • http://www.gorillawalker.com/an-analysis-of-methods-for-extracting-aerodynamic-coefficients-from-test.pdf
    • http://www.gorillawalker.com/favorite-ballets-coloring-book-dover-fashion-coloring-book.pdf
    • http://www.gorillawalker.com/culture-and-educational-policy-in-hawai-i-the-silencing-of.pdf
    • http://www.gorillawalker.com/creative-aspects-of-indian-english.pdf
    • http://www.gorillawalker.com/mordheim-a-mighty-tome-of-horror-and-adventure.pdf
    • http://www.gorillawalker.com/effective-business-writing.pdf
    • http://www.gorillawalker.com/pimp-my-cubicle.pdf
    • http://www.gorillawalker.com/cancan.pdf
    • http://www.gorillawalker.com/shout-hosanna-three-easter-dramas-for-children.pdf
    • http://www.gorillawalker.com/the-political-economy-of-water-and-sanitation-routledge-studies-in.pdf
    • http://www.gorillawalker.com/biker-week-at-the-beach-a-taboo-biker-menage.pdf
    • http://www.gorillawalker.com/making-a-match-courtship-in-shakespeare-and-his-society-princeton.pdf
    • http://www.gorillawalker.com/the-making-of-assisi-the-pope-the-franciscans-and-the.pdf
    • http://www.gorillawalker.com/facial-skin-care-korean-edition.pdf
    • http://www.gorillawalker.com/my-little-angel.pdf
    • http://www.gorillawalker.com/leading-the-learner-centered-campus-an-administrator-s-framework-for.pdf
    • http://www.gorillawalker.com/skin-deep-natural-recipes-for-healthy-skin-and-hair.pdf
    • http://www.gorillawalker.com/the-classical-liberal-constitution-the-uncertain-quest-for-limited-government.pdf
    • http://www.gorillawalker.com/best-women-s-erotica.pdf
    • http://www.gorillawalker.com/the-problem-of-pain.pdf
    • http://www.gorillawalker.com/sacraments-discipleship-understanding-baptism-and-the-lord-s-supper-in.pdf
    • http://www.gorillawalker.com/larousse-pocket-dictionary-spanish-english-english-spanish.pdf
    • http://www.gorillawalker.com/artist-you-should-know-profiles-for-kids.pdf
    • http://www.gorillawalker.com/historias-de-rompe-y-rasga-spanish-edition.pdf
    • http://www.gorillawalker.com/sixty-nine.pdf
    • http://www.gorillawalker.com/snowdonia-adventure-atlas-1-25k-a-z-a-z-adventure.pdf
    • http://www.gorillawalker.com/minecraft-bauanleitungen-fur-dummies-german-edition.pdf
    • http://www.gorillawalker.com/see-hear-yoko.pdf
    • http://www.gorillawalker.com/background-notes-gabon-sudoc-s-1-123-g-11-991.pdf
    • http://www.gorillawalker.com/space-harmony-basic-terms.p
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
    (The nine URIs above are XMP metadata namespace identifiers (RDF, Dublin Core, XMP, Adobe PDF schema, PDF/A) taken from the document's XMP packet. They appear in any PDF that carries XMP metadata, are not clickable links, and are not part of the link-farm finding; only the www.gorillawalker.com entries are link annotations.)
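The PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel attribution above can be reproduced in miniature. The following Python is an added example written for this page, not the analysis platform's own code. It builds two constructed sample PDFs (one mimicking the 41-link single-host pattern on www.gorillawalker.com with made-up file names, one a normal three-link control), extracts URIs only from /Link annotations so that the XMP namespace URIs in the metadata stream are not counted as links, and applies assumed thresholds (file size, link count, share of .pdf targets, share of links on the top host); the real rule's thresholds are not published on this page. The object walk is deliberately minimal and does not handle object streams, indirect /A references or hex strings, so use a full parser (pypdf, pdfminer, peepdf) for production triage.

```python
"""Added example (not the analysis platform's code): a toy PDF_SEO_LINK_FARM
detector plus a link-annotation URI extractor. Thresholds, file names and
helper names are assumptions made for this illustration."""
import re
from collections import Counter
from urllib.parse import urlsplit

LINK_OBJ_RE = re.compile(rb"/Subtype\s*/Link\b")
# Literal-string operand of a /URI action; "(?:\\.|[^\\)])*" tolerates escaped parens.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)


def _esc(s: str) -> str:
    """Escape a string for use inside a PDF literal string ( ... )."""
    return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")


def build_pdf(link_uris, xmp_namespaces=()) -> bytes:
    """Constructed sample: a one-page PDF whose only content is /Link annotations
    with /URI actions, plus an XMP metadata stream declaring some namespaces."""
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           + "".join(f'<rdf:Description xmlns:ns{i}="{ns}"/>'
                     for i, ns in enumerate(xmp_namespaces))
           + "</rdf:RDF></x:xmpmeta>").encode()
    annot_refs = " ".join(f"{5 + i} 0 R" for i in range(len(link_uris)))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [{annot_refs}] >>".encode(),
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp) + xmp + b"\nendstream",
    ]
    for u in link_uris:  # objects 5.. are the link annotations
        objs.append(f"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    f"/A << /S /URI /URI ({_esc(u)}) >> >>".encode())
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for n, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % n + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


def unescape_literal(raw: bytes) -> str:
    """Undo backslash escapes in a PDF literal string (octal escapes not handled)."""
    return re.sub(rb"\\(.)", rb"\1", raw, flags=re.S).decode("latin-1")


def extract_link_uris(pdf_bytes: bytes) -> list:
    """URIs reached through /Link annotations only. The XMP stream is skipped, so the
    RDF/XMP namespace URIs a metadata packet declares are never reported as links.
    Toy object walk: no object streams, indirect /A references or hex strings."""
    uris = []
    for obj in pdf_bytes.split(b"endobj"):
        if LINK_OBJ_RE.search(obj):
            uris.extend(unescape_literal(m.group(1)) for m in URI_RE.finditer(obj))
    return uris


def link_farm_verdict(pdf_bytes: bytes, *, max_size=100 * 1024, min_links=20,
                      min_pdf_share=0.8, min_host_share=0.8) -> dict:
    """Assumed thresholds; the report does not publish the real rule's values.
    Flags a small file with many external links, mostly .pdf targets, mostly on one host."""
    external = [u for u in extract_link_uris(pdf_bytes)
                if urlsplit(u).scheme.lower() in ("http", "https")]
    n = len(external)
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in external)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    pdf_n = sum(urlsplit(u).path.lower().endswith(".pdf") for u in external)
    flagged = bool(n and len(pdf_bytes) <= max_size and n >= min_links
                   and pdf_n / n >= min_pdf_share and top_n / n >= min_host_share)
    return {"size_bytes": len(pdf_bytes), "external_links": n, "pdf_targets": pdf_n,
            "top_host": top_host, "top_host_share": round(top_n / n, 3) if n else 0.0,
            "PDF_SEO_LINK_FARM": flagged}


# Constructed inputs: the host is the one from the report, the file names are made up.
XMP_NAMESPACES = ("http://purl.org/dc/elements/1.1/", "http://ns.adobe.com/xap/1.0/",
                  "http://www.aiim.org/pdfa/ns/id/")
FARM_URLS = ([f"http://www.gorillawalker.com/constructed-title-{i:02d}.pdf" for i in range(39)]
             + ["http://www.gorillawalker.com/notes-(draft).pdf",            # exercises paren escaping
                "http://www.gorillawalker.com/space-harmony-basic-terms.p"])  # truncated target: external, not .pdf
CONTROL_URLS = ["https://example.org/paper.pdf", "https://example.com/", "https://example.net/data.csv"]
FARM_PDF = build_pdf(FARM_URLS, XMP_NAMESPACES)
CONTROL_PDF = build_pdf(CONTROL_URLS, XMP_NAMESPACES)

if __name__ == "__main__":
    for name, doc in (("farm", FARM_PDF), ("control", CONTROL_PDF)):
        print(name, link_farm_verdict(doc))
```

The control document shows why the host-share and .pdf-share terms matter: three links to three hosts is what a normal citation pattern looks like, and it is not flagged even though the file is small. The truncated `.p` target from the report is kept in the constructed farm set to show that one malformed annotation does not push the .pdf share under the threshold.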