Malicious PDF — malware analysis report

Static analysis result for SHA-256 7dd50f9260807e48…

MALICIOUS

PDF

Size: 34.1 KB
Created: 2019-12-13 06:42:01 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 5.0 (Windows))
MD5: d99c808109cb49f4536ee0fba3297bc7
SHA-1: c792565efdfedeef9ecdb990e613abb3394e390c
SHA-256: 7dd50f9260807e486dc85c3d0d3e1d17a7599596e6ddbe5d7fe2fa41c3bb4b2e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact payload or user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.