Malicious PDF — malware analysis report

Static analysis result for SHA-256 50df252bb104979c…

MALICIOUS

PDF

Size: 33.5 KB
Created: 2019-09-02 21:52:01 +03:00
Authoring application: PDFpen
MD5: 82bf0e27f6f2b1f1a41413740dfcdd26
SHA-1: ae4a5f930e6d568b483087a6e0f9e9a482ee569c
SHA-256: 50df252bb104979cdc97411de8d70c7ed0c184260ea27977ffece701f688d76a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO spam or link farm attack. The primary heuristic indicates a 'PDF_SEO_LINK_FARM' with 32 external PDF links, suggesting the document's purpose is to redirect users to a large collection of other PDFs hosted on the same domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.