Malicious PDF — malware analysis report

Static analysis result for SHA-256 58250034b2e8b4e2…

MALICIOUS

PDF

Size: 42.8 KB | Created: 2018-12-15 20:07:42 +03:00 | Authoring application: QuarkXPress(R) 9.0
MD5: 445e29b88356b2e39a98937c39807b44
SHA-1: 2ec07dbec4ffb7d8be1ae0c02a151045692b12ad
SHA-256: 58250034b2e8b4e24a4a8a1419337ed9c803bc8cf7802dbc44776cc8ceeed962
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests a coordinated effort to direct users to potentially harmful or deceptive content, possibly for SEO manipulation or to serve as a landing page for further attacks.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.