Malicious PDF — malware analysis report

Static analysis result for SHA-256 887ffb8b42a8a129…

Verdict: MALICIOUS

File type: PDF

Size: 44.3 KB    Created: 2018-11-26 20:06:03 +03:00    Authoring application: Apache FOP Version 1.0
MD5: 959e67f99fa2cf91c0634964550232b9
SHA-1: 92862e4895959eff104653b317e8fb0ecec13f63
SHA-256: 887ffb8b42a8a129ee2d2cd38d3ecb4ef6d033ebac8a28d4c93b783c78c9e458
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell (not evidenced by this sample: no script or PowerShell content was extracted, so this mapping is inherited from the delivery-chain family rather than observed in the file)

The PDF contains a large number of external links: 40 URLs, all of them .pdf paths on the single host www.gorillawalker.com, which triggered the PDF_SEO_LINK_FARM heuristic. The ML classifier independently scored the document as malicious with high confidence (0.9171). One host, uniform generated-looking book-title file names and a batch renderer (Apache FOP) as the authoring application match an SEO link-farm PDF built to route users onward to further downloads, not a normal citation pattern; this report does not establish what those targets deliver. No scripts (JavaScript, launch actions or PowerShell) were extracted from this sample, so the verdict rests on the link structure and the classifier, not on executable content. The remaining nine extracted URIs are XMP/RDF namespace identifiers from the metadata stream, not clickable links.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL channel labels (macro, JS, link annotation, document body, ...) say which channel reached each URL, but they are not reproduced in this report.
    Extracted URLs (40 external links, all .pdf paths on www.gorillawalker.com):
    • http://www.gorillawalker.com/witchcraft-the-ultimate-bible-the-definitive-guide-on-the-practice.pdf
    • http://www.gorillawalker.com/kubota-shop-manual-i-t-shop-service-manuals.pdf
    • http://www.gorillawalker.com/keys-to-the-families-of-british-spiders.pdf
    • http://www.gorillawalker.com/the-skiers-and-snowboarders-travel-guide-to-new-zealand-queenstown.pdf
    • http://www.gorillawalker.com/sleigh-ride-a-holiday-excursion-for-two-pianos-anderson-roe.pdf
    • http://www.gorillawalker.com/questions-jews-ask-reconstructionist-answers-classics-in-judaica.pdf
    • http://www.gorillawalker.com/div.pdf
    • http://www.gorillawalker.com/einstein-s-greatest-blunder-the-cosmological-constant-and-other-fudge.pdf
    • http://www.gorillawalker.com/shaw-and-the-actresses-franchise-league-staging-equality-kindle-edition.pdf
    • http://www.gorillawalker.com/the-permafrost-environment.pdf
    • http://www.gorillawalker.com/robert-penn-warren-s-all-the-king-s-men-study.pdf
    • http://www.gorillawalker.com/resales-of-restricted-securities-2009-ed-securities-law-handbook-series.pdf
    • http://www.gorillawalker.com/my-shemale-trainer-submissive-male-pleasuring-beautiful-transsexual-dominatrix-kindle.pdf
    • http://www.gorillawalker.com/standard-american-21.pdf
    • http://www.gorillawalker.com/molecular-optical-activity-and-the-chiral-discriminations.pdf
    • http://www.gorillawalker.com/to-battle-the-formation-and-history-of-the-14-gallician.pdf
    • http://www.gorillawalker.com/what-holly-heard-fear-street-no-34.pdf
    • http://www.gorillawalker.com/dictionary-of-american-hand-tools-a-pictorial-synopsis-a-schiffer.pdf
    • http://www.gorillawalker.com/john-gielgud-the-authorized-biography.pdf
    • http://www.gorillawalker.com/dietary-supplements-a-framework-for-evaluating-safety.pdf
    • http://www.gorillawalker.com/textbook-on-semiconductors.pdf
    • http://www.gorillawalker.com/blasphemy-and-exaltation-in-judaism-the-charge-against-jesus-in.pdf
    • http://www.gorillawalker.com/haut-5-des-fa-ons-de-faire-de-l-argent.pdf
    • http://www.gorillawalker.com/human-body-book-for-children-learning-anatomy-is-fun.pdf
    • http://www.gorillawalker.com/airport-systems-planning-design-and-management-planning-design-and-management.pdf
    • http://www.gorillawalker.com/evoking-tang-an-anthology-of-classical-chinese-poetry.pdf
    • http://www.gorillawalker.com/start-day-trading-now-a-quick-and-easy-introduction-to.pdf
    • http://www.gorillawalker.com/jezebel-s-bed-crush-high-heel-trampling-fetish-fun-from.pdf
    • http://www.gorillawalker.com/e-m-bounds-classic-collection-on-prayer-large-print-16pt.pdf
    • http://www.gorillawalker.com/prohibited-book.pdf
    • http://www.gorillawalker.com/structural-dynamics-for-the-practising-engineer.pdf
    • http://www.gorillawalker.com/cote-d-ivoire-l-atlas-des-voyages.pdf
    • http://www.gorillawalker.com/dynamique-de-la-manifestation-problemes-et-controverses-french-edition.pdf
    • http://www.gorillawalker.com/uniformes-militares-en-la-guerra-civil-espanola-spanish-edition.pdf
    • http://www.gorillawalker.com/love-through-cobra-s-eye-2-love-poison.pdf
    • http://www.gorillawalker.com/trouver-et-voir-son-point-g-apprivoiser-son-vagin-ressentir.pdf
    • http://www.gorillawalker.com/blackzilla-volume-4-interracial-gangbang-sex-xxx-hardcore-interracial-gangbang.pdf
    • http://www.gorillawalker.com/the-industrial-craftsworker-skill-managerial-stategies-and-workplace-relationships-education.pdf
    • http://www.gorillawalker.com/miss-or-mrs-the-haunted-hotel-the-guilty-river.pdf
    • http://www.gorillawalker.com/colecci-n-de-documentos-in-ditos-relativos-al-descubrimiento-conquista.pdf
    XMP/RDF namespace URIs from the metadata stream (schema identifiers, not clickable links, and not indicators):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
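The summary above and the PDF_SEO_LINK_FARM and EMBEDDED_URL heuristics describe the same two steps: pull URLs out of the file per channel, then score the clickable ones by count and host concentration. The script below is an added example written for this page; it is not the analysis engine's code, and its thresholds (100 KB, 10 links, 80 % on one host), the channel names, the host www.example.test and the sample bytes it builds are all assumptions for illustration.

```python
"""Added example (not part of the original report or of the analysis engine
that produced it): a URL-channel extractor and a PDF_SEO_LINK_FARM-style
heuristic over raw PDF bytes.  Thresholds, the channel names, the host
www.example.test and the sample bytes are assumptions chosen for illustration."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI (...) inside a link annotation's /A action dictionary.  PDF literal
# strings may contain escaped parentheses, so allow backslash-escapes inside.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
# The XMP packet carries RDF namespace URIs (xmlns:...="http://...").
XMP_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)
HTTP_RE = re.compile(rb"https?://[^\s\"'<>()]+")


def _unescape(raw: bytes) -> str:
    """Undo the PDF literal-string escapes that matter for URLs."""
    return (raw.replace(b"\\(", b"(").replace(b"\\)", b")")
               .replace(b"\\\\", b"\\").decode("latin-1"))


def extract_urls(pdf: bytes) -> dict:
    """Group extracted URLs by the channel that carried them, so that
    metadata namespace URIs are never counted as clickable links."""
    link_annotations = [_unescape(m.group(1)) for m in URI_RE.finditer(pdf)]
    xmp_namespaces = []
    for packet in XMP_RE.finditer(pdf):
        xmp_namespaces += [u.decode("latin-1") for u in HTTP_RE.findall(packet.group(0))]
    return {"link_annotation": link_annotations, "xmp_namespace": xmp_namespaces}


def link_farm_verdict(pdf: bytes, max_size=100_000, min_links=10, min_host_share=0.8) -> dict:
    """PDF_SEO_LINK_FARM-style check: small file, many clickable links to .pdf
    paths, most of them on one host.  Thresholds are illustrative assumptions."""
    links = extract_urls(pdf)["link_annotation"]      # only the clickable channel counts
    pdf_links = [u for u in links if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    hit = len(pdf) <= max_size and len(pdf_links) >= min_links and share >= min_host_share
    return {"hit": hit, "size": len(pdf), "pdf_links": len(pdf_links),
            "top_host": top_host, "host_share": round(share, 3)}


def build_sample_pdf(n_links: int, host: str = "www.example.test") -> bytes:
    """Constructed PDF-like byte blob (not a real sample and not a complete
    PDF): n_links /Link annotations with /URI actions plus a PDF/A-style
    XMP packet, laid out uncompressed so the regexes can see them."""
    parts = [b"%PDF-1.4\n"]
    for i in range(n_links):
        parts.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI (http://"
                     + host.encode() + b"/book-" + str(i).encode() + b".pdf) >> >>\n")
    parts.append(b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
                 b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
                 b'xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"/></x:xmpmeta>\n')
    parts.append(b"%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    sample = build_sample_pdf(40)
    print(extract_urls(sample)["xmp_namespace"])
    print(link_farm_verdict(sample))
```

On a real file the annotation and page objects usually sit inside FlateDecode-compressed object streams, so decompress first (a PDF parser, or qpdf's --qdf output) before running the regexes; the same pass should also look at /JavaScript, /OpenAction and /Launch entries, which this sample did not contain. Separating the XMP channel is what keeps the w3.org, purl.org, ns.adobe.com and aiim.org schema URIs out of the link count.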