Malicious PDF — malware analysis report

Static analysis result for SHA-256 821eda79cd0b7f51…

Verdict: MALICIOUS
File type: PDF
Size: 46.0 KB
Created: 2018-11-14 21:15:04 +03:00
Authoring application: PScript5.dll Version 5.2 (via ePapyrus PSI 8.51)
MD5: 371689ad2a30712d148ee2d96fb727a1
SHA-1: 502426c03d2cab2dcf6bce683d446504b915a4e4
SHA-256: 821eda79cd0b7f51566aed7855c3c53f3a78172ddb99714b4f544b237e910f34
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. While no scripts were explicitly extracted, the PDF structure and the heuristic 'PDF_SEO_LINK_FARM' strongly suggest an attempt to redirect users to a potentially harmful website. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.