Malicious PDF — malware analysis report

Static analysis result for SHA-256 506d4ed578433263…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-15 20:11:20 +03:00
Authoring application: Pdf995 (via GNU Ghostscript 7.05)
MD5: d4e8a6e956cc307977fa849408ad0f3a
SHA-1: 9e7c6553ef3b5caad2381f3e92aa171c3e322f7b
SHA-256: 506d4ed578433263fc57f802af8ba61d91f59639eac2fbbdd1aa77beea89b999
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by the machine learning classifier and carries 41 external link annotations, all pointing at .pdf-style paths on a single host, www.gorillawalker.com. That clustering is the signature of a generated SEO link farm or content-hosting scheme, not a normal document citation pattern, and the link farm is the primary attack pattern observed. No scripts were extracted from this sample, so the T1059.001 (PowerShell) mapping above is not corroborated by any artifact in the file and should be read as a classifier- or campaign-derived tag rather than observed behaviour. The remaining URIs listed under EMBEDDED_URL (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the metadata stream, not navigable links, and play no part in the detection.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/big-or-little.pdf
    • http://www.gorillawalker.com/sleazoid-express-a-mind-twisting-tour-through-the-grindhouse-cinema.pdf
    • http://www.gorillawalker.com/maximizing-lead-generation-the-complete-guide-for-b2b-marketers-que.pdf
    • http://www.gorillawalker.com/life-of-pontiac-the-conspirator-the-life-of-pontiac-the.pdf
    • http://www.gorillawalker.com/ancient-mariner.pdf
    • http://www.gorillawalker.com/el-paraiso-de-las-mujeres-novela-spanish.pdf
    • http://www.gorillawalker.com/chris-tomlin-arriving-easy-piano-easy-piano-hal-leonard.pdf
    • http://www.gorillawalker.com/unlaced.pdf
    • http://www.gorillawalker.com/the-sovereign-citizen-denaturalization-and-the-origins-of-the-american.pdf
    • http://www.gorillawalker.com/maquina-del-tiempo-the-time-machine-spanish-edition.pdf
    • http://www.gorillawalker.com/practical-english-for-arabic-speakers-text-only.pdf
    • http://www.gorillawalker.com/back-from-the-dead-the-return-of-the-evil-empire.pdf
    • http://www.gorillawalker.com/the-saboteurs-men-at-war-book-5.pdf
    • http://www.gorillawalker.com/omni-the-omni-duology-volume-1.pdf
    • http://www.gorillawalker.com/handbook-of-medical-image-processing-and-analysis-second-edition-academic.pdf
    • http://www.gorillawalker.com/knowledge-and-knowers-towards-a-realist-sociology-of-education.pdf
    • http://www.gorillawalker.com/living-oil-petroleum-culture-in-the-american-century-oxford-studies.pdf
    • http://www.gorillawalker.com/v-is-for-villain.pdf
    • http://www.gorillawalker.com/that-perfect-someone-malory-family-series.pdf
    • http://www.gorillawalker.com/musculoskeletal-medicine-in-primary-care-an-essential-guide-for-examination.pdf
    • http://www.gorillawalker.com/fundamentals-of-care-of-the-aging-disabled-and-handicapped-in.pdf
    • http://www.gorillawalker.com/japanese-ikat-weaving-the-techniques-of-kasuri.pdf
    • http://www.gorillawalker.com/combo-precalculus-with-mathzone-access-card.pdf
    • http://www.gorillawalker.com/surfactants-in-tribology-2-volume-set.pdf
    • http://www.gorillawalker.com/classic-mallet-trios-beethoven-4-classics-arranged-for-orchestra-bells.pdf
    • http://www.gorillawalker.com/virtual-vandals-net-force-explorers.pdf
    • http://www.gorillawalker.com/caveat-realism-reagan-and-foreign-policy.pdf
    • http://www.gorillawalker.com/el-beso-de-la-princesa-primeros-lectores.pdf
    • http://www.gorillawalker.com/a-paleozoic-geochemical-anomaly-near-jerome-arizona-geological-survey-bulletin.pdf
    • http://www.gorillawalker.com/nightblade-episode-three-nightblade-episodes-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/judging-under-uncertainty-an-institutional-theory-of-legal-interpretation.pdf
    • http://www.gorillawalker.com/sintering-processes-materials-science-research.pdf
    • http://www.gorillawalker.com/sunset-rising-sunset-vampire-series-book-5.pdf
    • http://www.gorillawalker.com/a-walking-tour-of-philadelphia-center-city-look-up-america.pdf
    • http://www.gorillawalker.com/scare-care.pdf
    • http://www.gorillawalker.com/the-california-wildlife-habitat-garden-how-to-attract-bees-butterflies.pdf
    • http://www.gorillawalker.com/government-in-america-people-politics-and-policy-brief-edition-9th.pdf
    • http://www.gorillawalker.com/jaguar-mk-ii-1959-69-brooklands-books-road-tests-series.pdf
    • http://www.gorillawalker.com/boquitas-pintadas-painted-small-mouths-spanish-edition.pdf
    • http://www.gorillawalker.com/i-don-t-have-a-happy-place-cheerful-stories-of.pdf
    • http://www.gorillawalker.com/maximizing-lead-generation-the-complete-guide-for-b2b-marketers-qu
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
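As an added example that is not part of the report or the analysis platform's own code, the script below reproduces the two checks above on raw PDF bytes: it extracts URLs by channel (literal-string /URI actions from /Link annotations versus xmlns declarations in the XMP metadata stream, mirroring the per-URL channel labels the EMBEDDED_URL entry refers to) and applies a PDF_SEO_LINK_FARM-style rule (small file, many external links, most of them on one host). The thresholds, the fictitious farm host and the constructed sample PDF are assumptions for illustration; the real sample is not embedded.

```python
"""Added triage example: channel-aware URL extraction and a PDF_SEO_LINK_FARM-style
check over raw PDF bytes. Hypothetical helper, not the analysis platform's own code."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Literal-string /URI actions from /Link annotations: /A << /S /URI /URI (http://...) >>.
# Hex-string form (/URI <...>) and escaped parentheses inside the literal are not handled.
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Namespace declarations in the XMP metadata stream; these are identifiers, not links.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_.-]+\s*=\s*"([^"]+)"')


def extract_urls(pdf_bytes):
    """Return (channel, url) pairs so every URL carries the channel that reached it."""
    found = [("link_annotation", m.group(1).decode("latin-1"))
             for m in URI_ACTION_RE.finditer(pdf_bytes)]
    found += [("xmp_namespace", m.group(1).decode("latin-1"))
              for m in XMLNS_RE.finditer(pdf_bytes)]
    return found


def link_farm_verdict(pdf_bytes, min_links=20, min_host_share=0.8, max_size=200 * 1024):
    """Flag a small PDF whose clickable external links cluster on one host.
    Only link annotations count; XMP namespace URIs are excluded on purpose.
    Thresholds are illustrative assumptions, not the platform's tuned values."""
    links = [u for ch, u in extract_urls(pdf_bytes) if ch == "link_annotation"]
    hosts = Counter(urlsplit(u).netloc.lower()
                    for u in links if urlsplit(u).scheme in ("http", "https"))
    total = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / total if total else 0.0
    return {
        "size_bytes": len(pdf_bytes),
        "external_links": total,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": len(pdf_bytes) <= max_size and total >= min_links and share >= min_host_share,
    }


def build_sample_pdf(urls, xmp_namespaces):
    """Constructed sample: an uncompressed, structurally minimal PDF fragment with one
    /Link annotation per URL and an XMP stream declaring the given namespaces.
    It is enough for regex triage; it is not a complete, openable PDF."""
    annots = "".join(
        "<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        "/A << /S /URI /URI (%s) >> >>\n" % u for u in urls)
    xmp = "<rdf:RDF %s></rdf:RDF>" % " ".join(
        'xmlns:ns%d="%s"' % (i, ns) for i, ns in enumerate(xmp_namespaces))
    body = ("%PDF-1.3\n" + annots +
            "<< /Type /Metadata /Subtype /XML >>\nstream\n" + xmp + "\nendstream\n%%EOF\n")
    return body.encode("latin-1")


# Constructed inputs: a fictitious farm host (assumption, not the sample's real host)
# plus two stray links on other hosts, and two of the XMP namespaces seen in the report.
SAMPLE_LINKS = ["http://www.example-farm.test/title-%02d.pdf" % i for i in range(25)] + [
    "https://www.example.org/a.pdf", "http://cdn.example.net/b.pdf"]
SAMPLE_NS = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://purl.org/dc/elements/1.1/"]

if __name__ == "__main__":
    pdf = build_sample_pdf(SAMPLE_LINKS, SAMPLE_NS)
    for channel, url in extract_urls(pdf):
        print(channel, url)
    print(link_farm_verdict(pdf))
```

Regex over raw bytes only sees uncompressed objects. PDF 1.4 and earlier keep annotation dictionaries uncompressed (only stream contents are Flate-encoded), which suits Ghostscript 7.05 era output like this sample; from PDF 1.5 onward objects can live inside compressed object streams, so inflate them first (pdf-parser, pypdf or similar) before running the patterns, or the link count will be silently low.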