Malicious PDF — malware analysis report

Static analysis result for SHA-256 53f336bc61b00665…

MALICIOUS

PDF

44.3 KB Created: 2018-12-15 20:06:12 +03:00 Authoring application: Writer (via LibreOffice 4.2)
MD5: 007110bdfeb5ccfd27d813ddad3fa4e0 SHA-1: 0287e0dc7c6e16c0f9637205d6a59b3ecc65c3cc SHA-256: 53f336bc61b00665eda93f11534cccba990f25ae13fab326fa4a9b513a6111ed
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The embedded URLs point to a website that appears to host a collection of PDF files, suggesting a link farm or distribution point for malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/knoydart-loch-hourn-and-loch-duich-os-explorer-active-map.pdf
    • http://www.gorillawalker.com/against-all-odds-the-story-of-william-peyton-hubbard-black.pdf
    • http://www.gorillawalker.com/conjugaison-progressive-du-francais-niveau-intermediaire-with-one-cd-audio.pdf
    • http://www.gorillawalker.com/forex-trading-revealed-little-dirty-secrets-and-weird-unknown-tricks.pdf
    • http://www.gorillawalker.com/unless-it-moves-the-human-heart-the-craft-and-art.pdf
    • http://www.gorillawalker.com/molecular-imaging-probes-for-cancer-research.pdf
    • http://www.gorillawalker.com/roadside-songs-of-tuscany-pt-2-kindle-edition.pdf
    • http://www.gorillawalker.com/translating-the-world-science-and-language.pdf
    • http://www.gorillawalker.com/endstation-wirklichkeit-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/alrs-volume-6-part-3-pilot-services-vessel-traffic-services.pdf
    • http://www.gorillawalker.com/assume-the-position-kindle-edition.pdf
    • http://www.gorillawalker.com/rivers-of-london-body-work-1-rivers-of-london-body.pdf
    • http://www.gorillawalker.com/people-tamer-1-5-bundle.pdf
    • http://www.gorillawalker.com/brandon-graham-walrus-brandon-graham-s-all-bum-album.pdf
    • http://www.gorillawalker.com/more-than-honey-the-survival-of-bees-and-the-future.pdf
    • http://www.gorillawalker.com/masters-social-work-exam-flashcard-study-system-aswb-test-practice.pdf
    • http://www.gorillawalker.com/i-like-to-be-little.pdf
    • http://www.gorillawalker.com/notes-from-the-other-side-of-night.pdf
    • http://www.gorillawalker.com/emotionally-healthy-spirituality-unleash-a-revolution-in-your-life-in.pdf
    • http://www.gorillawalker.com/alimentazione-naturale-la-medicina-per-l-anima-italian-edition-kindle.pdf
    • http://www.gorillawalker.com/coming-apart-an-informal-history-of-america-in-the-1960.pdf
    • http://www.gorillawalker.com/the-grolier-library-of-north-american-biographies-complete-10-volume.pdf
    • http://www.gorillawalker.com/commenting-and-commentaries-a-reference-guide-to-the-best-bible.pdf
    • http://www.gorillawalker.com/get-started-in-classical-music-teach-yourself-reference.pdf
    • http://www.gorillawalker.com/numerical-methods-and-applications-5th-international-conference-nma-2002-borovets.pdf
    • http://www.gorillawalker.com/louisiana-the-louisiana-experience.pdf
    • http://www.gorillawalker.com/venice-2012-square-12x12-wall-calendar-world-traveller.pdf
    • http://www.gorillawalker.com/military-intelligence-1870-1991-a-research-guide-research-guides-in.pdf
    • http://www.gorillawalker.com/tempted-champions-buffy-the-vampire-slayer.pdf
    • http://www.gorillawalker.com/measure-topology-and-fractal-geometry-undergraduate-texts-in-mathematics.pdf
    • http://www.gorillawalker.com/rough-notes-of-an-exploration-for-an-inter-oceanic-canal.pdf
    • http://www.gorillawalker.com/don-del-cambio-el-una-guia-espiritual-para-transformar-su.pdf
    • http://www.gorillawalker.com/belong-to-me-wicked-lovers.pdf
    • http://www.gorillawalker.com/enigmas-y-paradigmas-enigmas-and-paradigms-una-exploracion-entre-el.pdf
    • http://www.gorillawalker.com/high-voltage-exponential-apocalypse-volume-3.pdf
    • http://www.gorillawalker.com/nunatsuak-stories-of-the-big-land-labrador-and-newfoundland.pdf
    • http://www.gorillawalker.com/tu-parles-francais.pdf
    • http://www.gorillawalker.com/the-empty-chair-finding-hope-and-joytimeless-wisdom-from-a.pdf
    • http://www.gorillawalker.com/optical-coherence-tomography-in-current-glaucoma-practice-pearls-and-pitfalls.pdf
    • http://www.gorillawalker.com/researching-social-life.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.