Malicious PDF — malware analysis report

Static analysis result for SHA-256 79fe5785a8d6c782…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-14 08:34:40 +03:00
Authoring application: Adobe InDesign CS3 (5.0) (via Adobe PDF Library 8.0)
MD5: a8c0d6eab27e9e6d4743a83a77eaa098
SHA-1: 0aa828856fad0985daa7a1c0b65b8afbc726cc82
SHA-256: 79fe5785a8d6c7828781ba68d29ca1ab5194c727e6598d092cb57fb264d64ba8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to host malicious content. The ML_NYX_PDF_MALICIOUS heuristic firing strongly supports the malicious verdict. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.