Malicious PDF — malware analysis report

Static analysis result for SHA-256 570fb19b8d6cd84b…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2018-11-15 18:34:26 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 2b4fc8c2f89d74439a9cc76b24b4f128
SHA-1: 59ecae1f1bff43b540a6bf6805d3b6f02f3a5338
SHA-256: 570fb19b8d6cd84b06c1ee5cbcb8d187d4991127dd4eda80b3c27f3336fca676
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute additional malicious content through the linked PDFs. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.