Malicious PDF — malware analysis report

Static analysis result for SHA-256 509bc9409f3be0d3…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-15 18:31:38 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: dfac017405b0e57263588c55fe426f9f
SHA-1: b2ff888dba45abdab53bec14702d15c6ffac609e
SHA-256: 509bc9409f3be0d3d1e00ed1a518a258f7f43f4a1d8126ee4e1366f883549655
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to distribute potentially malicious content hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8242

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.