Malicious PDF — malware analysis report

Static analysis result for SHA-256 9344bcc62900be01…

MALICIOUS

PDF

46.5 KB
Created: 2018-11-23 08:05:36 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: d2c288f1f8a29aafe80f300eaa303360
SHA-1: 60440655be9001fdbae5ac9e9a0b078bbe145bf9
SHA-256: 9344bcc62900be011cc6dda137570a803b9330f9e6aac96a5e45a22cc240e925
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier as malicious. A critical heuristic identified a large number of embedded external links, suggesting a link farm or a method to distribute further malicious content. While no scripts were extracted, the sheer volume of links to PDFs on a single domain points to a coordinated effort to manipulate search engine results or host potentially harmful documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.