Malicious PDF — malware analysis report

Static analysis result for SHA-256 801516d7e0ba49bb…

MALICIOUS

PDF

43.5 KB Created: 2018-11-21 20:52:48 +03:00 Authoring application: FrameMaker 5.5.6p145 (via Acrobat Distiller 6.0 (Windows))
MD5: 5d7bc765acf684a3024998ed5dfa8139 SHA-1: 4c951a837466ed12c6619cc780d334a20e7f8115 SHA-256: 801516d7e0ba49bb9f882bf656527d4535e6e10d41f7ca517c3ffadf255136e1
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to various PDF documents on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or content distribution tactic. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine the exact user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/what-to-believe-now-applying-epistemology-to-contemporary-issues.pdf
    • http://www.gorillawalker.com/genetic-psychology-monographs-volume-74-first-and-second-half-1966.pdf
    • http://www.gorillawalker.com/wonder-s-promise-thoroughbred-series-2.pdf
    • http://www.gorillawalker.com/alpha-cop-box-set-3-1-part-gay-werewolf-erotica.pdf
    • http://www.gorillawalker.com/best-hikes-with-children-catskills-hudson-river-valley-kindle-edition.pdf
    • http://www.gorillawalker.com/painting-beautiful-skin-tones-with-color-light.pdf
    • http://www.gorillawalker.com/the-nurse-goes-black.pdf
    • http://www.gorillawalker.com/the-sunne-in-splendour-a-novel-of-richard-iii.pdf
    • http://www.gorillawalker.com/out-of-my-mind-an-autobiography.pdf
    • http://www.gorillawalker.com/ten-meter-telescope-technical-demonstration-progress-report-excerpts-july-1981.pdf
    • http://www.gorillawalker.com/reposteria-y-pasteleria-bakery-mas-de-300-recetas-faciles-de.pdf
    • http://www.gorillawalker.com/rift-systems-and-hydrocarbon-accumulation-aapg-structural-geology-school-july.pdf
    • http://www.gorillawalker.com/total-recovery-solving-the-mystery-of-chronic-pain-and-depression.pdf
    • http://www.gorillawalker.com/panchakarma.pdf
    • http://www.gorillawalker.com/the-iron-metabolism-of-normal-young-women-during-consecutive-menstrual.pdf
    • http://www.gorillawalker.com/control-theory-and-optimization-i.pdf
    • http://www.gorillawalker.com/spelling-83.pdf
    • http://www.gorillawalker.com/the-diary-of-alice-james.pdf
    • http://www.gorillawalker.com/acta-tropica-review-of-tropical-science-and-tropical-medicine-volumes.pdf
    • http://www.gorillawalker.com/365-devotions-for-peace.pdf
    • http://www.gorillawalker.com/the-nile-portfolio-10-fine-lithographs.pdf
    • http://www.gorillawalker.com/lucky-glances-entangled-in-laws.pdf
    • http://www.gorillawalker.com/keyboarding-pro-deluxe-online-lessons-56-110-access-web-access.pdf
    • http://www.gorillawalker.com/knowledge-development-in-nursing-theory-and-process-chinn-integrated-theory.pdf
    • http://www.gorillawalker.com/beach-day-max-and-ruby.pdf
    • http://www.gorillawalker.com/the-healthy-homemade-pet-food-cookbook-75-whole-food-recipes.pdf
    • http://www.gorillawalker.com/market-research-in-a-week-teach-yourself-business.pdf
    • http://www.gorillawalker.com/grimm-fairy-tales-presents-the-jungle-book.pdf
    • http://www.gorillawalker.com/finding-home-songs-of-ricky-ian-gordon.pdf
    • http://www.gorillawalker.com/super-service-seven-keys-to-delivering-great-customer-service-even.pdf
    • http://www.gorillawalker.com/bullet-proof-marriage-english-edition-spanish-edition.pdf
    • http://www.gorillawalker.com/applications-of-organometallic-chemistry-in-the-preparation-and-processing-of.pdf
    • http://www.gorillawalker.com/winter-pleasures.pdf
    • http://www.gorillawalker.com/canadian-rockies-trail-guide.pdf
    • http://www.gorillawalker.com/the-year-in-gastroenterology-and-hepatology-volume-2.pdf
    • http://www.gorillawalker.com/paper-and-paper-products-in-finland-download-pdf-digital.pdf
    • http://www.gorillawalker.com/the-salem-gathering-book-3-of-the-council-series.pdf
    • http://www.gorillawalker.com/integrated-chinese-level-1-part-2-character-workbook-traditional-simplified.pdf
    • http://www.gorillawalker.com/the-political-disciple-a-theology-of-public-life-ordinary-theology.pdf
    • http://www.gorillawalker.com/dictionary-of-root-words-greek-and-latin-roots-english-word.pdf
    • http://www.gorill
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.