Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c4be0d9adb5a483…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-23 08:07:41 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: 107629f8e3573f9d9369a36acf5b22f3
SHA-1: 16468504123d36d09c79566b2ced71c47899cc54
SHA-256: 4c4be0d9adb5a4834a1873de85ead61be9bd3880534e71abff362edefafaaff5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this file with high confidence. No scripts were extracted, but the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malware. The document body was heavily obfuscated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.