Malicious PDF — malware analysis report

Static analysis result for SHA-256 87e73b0d0cd55c48…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-30 20:57:03 +03:00
Authoring application: - (via Multivalent Merge)
MD5: 9335502dd2f83078d986a0ca662c26a9
SHA-1: c24c915ba86a9c51c779144d2dcc265616b87f0f
SHA-256: 87e73b0d0cd55c482c02aa8ef117790f380f5d941229ec3c496ea3d2f0a43d1d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external PDF links, suggesting a link farm or SEO manipulation tactic. While no scripts were extracted, the sheer volume of links to other PDF documents on the same domain indicates a malicious intent to either distribute further content or potentially mislead users. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.