Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b58ed92398d2d63…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2020-02-21 02:26:11 +03:00
Authoring application: Adobe InDesign CC 2014 (Windows) (via Adobe PDF Library 11.0)
MD5: 74dac62a0bc0d0fb3501ea461621418f
SHA-1: b691234d150ee01071aef2858a325774ecec7798
SHA-256: 4b58ed92398d2d63c001cf84c2a84337065faab578afe088d89864b0854220bf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded external links, characteristic of a link farm used for SEO poisoning or to distribute malicious content. The primary attack pattern involves luring users to external sites via these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.