Malicious PDF — malware analysis report

Static analysis result for SHA-256 89758885a2550178…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-03 17:53:02 +03:00
Authoring application: - (via Foxit Phantom Printer Version 3.0.3.0804)
MD5: 943e2c4450e267edc683a576d6ac38c5
SHA-1: 10259c875122e4a8f2066b1ee0e2a4683b49667b
SHA-256: 89758885a25501789bba5bf061f306b5af54596c07ffcb4136c3994de0fcd982
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links, many of which point to other PDF files on the same domain. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The primary attack pattern observed is the embedding of numerous URLs, likely intended to manipulate search engine results or to serve as a lure for users to download potentially harmful files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.