Malicious PDF — malware analysis report

Static analysis result for SHA-256 8c92ec392642665b…

MALICIOUS

PDF

35.3 KB Created: 2019-11-23 19:52:24 +03:00 Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 438d5a11e728c4aab092b52146a2fcbe SHA-1: 02ac78b30493ffb85b346033172fc04575c91dbf SHA-256: 8c92ec392642665bec9e618743a6f44dc9d25d3a365bcbfb11552fc5a1eb3c75
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file exhibits characteristics of a link farm, embedding numerous external URLs that point to other PDF documents. This technique is often used for SEO manipulation or to serve as a distribution point for further malicious payloads. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8255

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/coaching-mini-soccer-a-tried-and-tested-program-of-essential.pdf
    • http://www.gorillawalker.com/empire-s-workshop-latin-america-the-united-states-and-the.pdf
    • http://www.gorillawalker.com/one-evil-summer-fear-street-no-25.pdf
    • http://www.gorillawalker.com/understanding-healthcare-financial-management-seventh-edition.pdf
    • http://www.gorillawalker.com/bread-the-ultimate-loaf.pdf
    • http://www.gorillawalker.com/the-kids-behind-the-label-an-inside-look-at-adhd.pdf
    • http://www.gorillawalker.com/puritan-protagonist-president-thomas-clap-of-yale-college.pdf
    • http://www.gorillawalker.com/the-odyssey-missing-presumed-dead-adapted-for-the-stage.pdf
    • http://www.gorillawalker.com/all-night-vigil-3-blest-the-man-choral-sheet-music.pdf
    • http://www.gorillawalker.com/quantum-mechanics-the-theoretical-minimum-kindle-edition.pdf
    • http://www.gorillawalker.com/transworld-snowboarding-magazine-october-2012.pdf
    • http://www.gorillawalker.com/a-beethoven-enigma-performance-practice-and-the-piano-sonata-opus.pdf
    • http://www.gorillawalker.com/ocean-environmental-management-a-primer-on-the-role-of-the.pdf
    • http://www.gorillawalker.com/blank-cookbook-my-recipes-and-notes-big-book-edition.pdf
    • http://www.gorillawalker.com/beautiful-lego-wild.pdf
    • http://www.gorillawalker.com/the-texas-rv-professor-presents-atwood-water-heater-repair-for.pdf
    • http://www.gorillawalker.com/nobuyoshi-araki-kaori.pdf
    • http://www.gorillawalker.com/advanced-process-dynamics-and-control.pdf
    • http://www.gorillawalker.com/caribbean-food-cultures-culinary-practices-and-consumption-in-the-caribbean.pdf
    • http://www.gorillawalker.com/settler-society-in-the-english-leeward-islands-1670-1776.pdf
    • http://www.gorillawalker.com/peyton-manning-precision-passer-lerner-sports-achievers.pdf
    • http://www.gorillawalker.com/communicate-in-french-speaking.pdf
    • http://www.gorillawalker.com/vocabulary-book-for-advanced-asl-students-a-student-workbook-of.pdf
    • http://www.gorillawalker.com/the-blue-bear-a-true-story-of-friendship-tragedy-and.pdf
    • http://www.gorillawalker.com/pet-play-erotica-kitty-kat.pdf
    • http://www.gorillawalker.com/satellitenortung-und-navigation-grundlagen-wirkungsweise-und-anwendung-globaler-satellitennavigationssysteme-german.pdf
    • http://www.gorillawalker.com/exhibiting-gender.pdf
    • http://www.gorillawalker.com/how-to-plan-a-great-second-life-why-not-live.pdf
    • http://www.gorillawalker.com/constitutions-of-the-world-3rd-edition.pdf
    • http://www.gorillawalker.com/clinician-s-thesaurus-5th-edition-the-guidebook-for-writing-psychological.pdf
    • http://www.gorillawalker.com/the-original-hawks-of-outremer-the-cormac-fitzgeoffrey-stories-kindle.pdf
    • http://www.gorillawalker.com/dan-rizzie.pdf
    • http://www.gorillawalker.com/business-reengineering-der-radikale-ansatz-nach-hammer-champy-german-edition.pdf
    • http://www.gorillawalker.com/eat-while-shredding-tummy-fat-with-these-30-easy-affordable.pdf
    • http://www.gorillawalker.com/the-alien-s-army-alien-egg-implantation-instant-pregnancy-kindle.pdf
    • http://www.gorillawalker.com/the-jesuit-ratio-studiorum-400th-anniversary-perspectives.pdf
    • http://www.gorillawalker.com/seminar-marketing-sales-training-techniques-for-the-financial-professional.pdf
    • http://www.gorillawalker.com/selected-themes-from-the-motion-picture-harry-potter-and-the.pdf
    • http://www.gorillawalker.com/body-music-diary-of-a-black-belt-in-asia-paperback.pdf
    • http://www.gorillawalker.com/index-filicum-supplementum-quintum-pro-annis-1961-1975.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.