Malicious PDF — malware analysis report

Static analysis result for SHA-256 59dee522e6ea4619…

MALICIOUS

PDF

Size: 41.9 KB
Created: 2018-11-15 19:36:12 +03:00
Authoring application: Adobe InDesign CS5 (7.0.5) (via Adobe PDF Library 9.9)
MD5: e6fca5d308c49ed6263a7c6b0081732f
SHA-1: 68d245f2e08367ce6129c399f0f763382173b540
SHA-256: 59dee522e6ea461999e01abb8fd1d52d3705553f9e812906532bda5cac29e39a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on a single domain, as flagged by the 'PDF_SEO_LINK_FARM' heuristic. This pattern suggests a tactic to manipulate search-engine results or to distribute a large volume of content, which may be malicious. No scripts were extracted and the document body was unreadable, which limits further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.