Malicious PDF — malware analysis report

Static analysis result for SHA-256 491a9d70ca91e6fc…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2018-11-23 21:09:22 +03:00
Authoring application: Writer (via OpenOffice.org 2.4)
MD5: fc863cc2f7ebc6c9d370ebc619231578
SHA-1: 67b8766f0000e56776cf45f307cd150904b89752
SHA-256: 491a9d70ca91e6fcba22e7e517764156137a4da154c6782a41a8047daa836765
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs all point to the same domain, suggesting a coordinated effort to manipulate search engine results or distribute content from a single source. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.