Malicious PDF — malware analysis report

Static analysis result for SHA-256 8f27093a480ea1e1…

Verdict: MALICIOUS
File type: PDF
Size: 42.9 KB
Created: 2018-12-02 20:17:54 +03:00
Authoring application: Adobe Acrobat 8.0 (via Adobe Acrobat 8.0 Image Conversion Plug-in)
MD5: babbec483961e08201a7164ea4f99094
SHA-1: ad59d8be00258147357d4c57ec47e30a686c1889
SHA-256: 8f27093a480ea1e157375ba2c68acaccd74e900e2e6dd6a0a615d38d65a6bbb4
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a significant number of embedded URLs. The heuristic 'PDF_SEO_LINK_FARM' indicates that these links are likely part of a strategy to manipulate search engine results or distribute content. No scripts were extracted, and the document body was not sufficiently readable to determine a specific lure. The primary attack pattern observed is the mass distribution of external links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.