Malicious PDF — malware analysis report

Static analysis result for SHA-256 95b2b0018606fdbd…

MALICIOUS

PDF

Size: 38.6 KB
Created: 2018-11-14 08:18:14 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.4 (Windows))
MD5: 4595a873dbfb08959c7574fe35b39af7
SHA-1: d9851fcf590687914fbc9102c03d3c895d5cf176
SHA-256: 95b2b0018606fdbd5405caf36a8cadd193e8e26e3305c817d6e9ab3c9943252f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, flagged by the PDF_SEO_LINK_FARM heuristic: 41 of the extracted URLs sit on the single host www.gorillawalker.com, each a .pdf path named after a book title. The ML_NYX_PDF_MALICIOUS classifier also flagged the document as malicious (score 0.85). Together these indicate a generated SEO link-farm PDF intended to manipulate search engine results or route users to malicious or unwanted-software downloads, rather than a document that cites sources. No scripts were extracted from this sample, so the T1059.001 PowerShell tag above is not supported by any behaviour observed in the static analysis. The remaining URLs listed under EMBEDDED_URL (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the metadata stream, not links a user can open.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8500

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The labels are not reproduced in the listing below.
    • http://www.gorillawalker.com/the-trade-in-domestic-workers-causes-mechanisms-and-consequences-of.pdf
    • http://www.gorillawalker.com/by-ted-moores-kayak-craft-paperback.pdf
    • http://www.gorillawalker.com/the-big-book-of-nurikabe-over-450-nurikabe-puzzles.pdf
    • http://www.gorillawalker.com/a-choice-of-french-poems-transmutations-into-english.pdf
    • http://www.gorillawalker.com/shtetl-jews-under-soviet-rule-eastern-poland-on-the-eve.pdf
    • http://www.gorillawalker.com/grade-3-addition-subtraction-kumon-math-workbooks.pdf
    • http://www.gorillawalker.com/god-s-way-of-reconciliation-studies-in-ephesians-ii.pdf
    • http://www.gorillawalker.com/schaum-s-easy-outline-calculus.pdf
    • http://www.gorillawalker.com/ski-to-die-the-bill-johnson-story.pdf
    • http://www.gorillawalker.com/the-twelve-steps-a-guide-for-adults-with-attention-deficit.pdf
    • http://www.gorillawalker.com/the-little-book-of-bath.pdf
    • http://www.gorillawalker.com/the-golden-boy-haworth-gay-lesbian-studies.pdf
    • http://www.gorillawalker.com/skin-care-bible-from-compendium-of-materia-medica-and-the.pdf
    • http://www.gorillawalker.com/cartograf-a-hispano-colonial-de-chile.pdf
    • http://www.gorillawalker.com/riot-act-orca-soundings.pdf
    • http://www.gorillawalker.com/a-charming-wish-a-magical-cures-mystery-book-3-unabridged.pdf
    • http://www.gorillawalker.com/oink-sandpiper-paperbacks.pdf
    • http://www.gorillawalker.com/the-diary-of-philip-hone-1828-1851-v1-1889.pdf
    • http://www.gorillawalker.com/i-judge-you-when-you-use-poor-grammar-a-collection.pdf
    • http://www.gorillawalker.com/language-arts-essentials.pdf
    • http://www.gorillawalker.com/saturn-early-bird-astronomy.pdf
    • http://www.gorillawalker.com/chinese-version-of-photoshop-cs2-wedding-digital-photo-processing-and.pdf
    • http://www.gorillawalker.com/teacher-edition-california-mathematics-concepts-skill-and-problem-solving-6.pdf
    • http://www.gorillawalker.com/tokto-yongu-taehan-minguk-ui-yongto-yongu-nonchong-korean-edition.pdf
    • http://www.gorillawalker.com/friendship-and-poetry-studies-in-danish-neo-latin-literature.pdf
    • http://www.gorillawalker.com/the-oil-protein-diet-cookbook.pdf
    • http://www.gorillawalker.com/windows-7-bible.pdf
    • http://www.gorillawalker.com/immaculate-kindle-edition.pdf
    • http://www.gorillawalker.com/algebra-ii-grades-8-10-the-100-series-153.pdf
    • http://www.gorillawalker.com/intelligent-trading-systems-applying-artificial-intelligence-to-financial-markets.pdf
    • http://www.gorillawalker.com/focus-level-4-scope-students-book.pdf
    • http://www.gorillawalker.com/creative-inc-the-ultimate-guide-to-running-a-successful-freelance.pdf
    • http://www.gorillawalker.com/medical-women-and-victorian-fiction.pdf
    • http://www.gorillawalker.com/black-intention-for-recorder.pdf
    • http://www.gorillawalker.com/pillsbury-christmas-2007-hardcover.pdf
    • http://www.gorillawalker.com/adventures-with-a-microscope.pdf
    • http://www.gorillawalker.com/spirit-stones-of-china-the-ian-and-susan-wilson-collection.pdf
    • http://www.gorillawalker.com/american-heliocentric-ephemeris-for-1901-2000.pdf
    • http://www.gorillawalker.com/symmetry.pdf
    • http://www.gorillawalker.com/painless-vocabulary-barron-s-painless-series.pdf
    • http://www.gorillawalker.com/god-s-way-of-reconciliation
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
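The PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel distinction above, as an added worked example in Python (not the analysis platform's own code): a byte-level scanner that separates clickable /Link annotation URIs from XMP namespace URIs, then applies the three heuristic conditions (small file, many external links, most on one host) to a constructed sample shaped like this report (41 links on one host, two on other hosts, the same namespace URIs) and to a constructed citation-style control. The thresholds, the sample URLs and the function names are assumptions; a real sample may keep its objects in compressed object streams, which a regex over raw bytes will not see.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Illustrative thresholds (assumptions; the report does not disclose the real ones).
MAX_FILE_BYTES = 200 * 1024      # "small PDF"
MIN_EXTERNAL_LINKS = 20          # "many clickable external links"
MIN_TOP_HOST_SHARE = 0.8         # "mostly clustered on one host"

# /A << /S /URI /URI (http://...) >> : literal-string URIs only; hex strings are not handled here.
LINK_URI_RE = re.compile(rb"/URI\s*\(([^()\\]*)\)")
# xmlns:pdf="http://ns.adobe.com/pdf/1.3/" inside the XMP metadata stream.
XMP_NS_RE = re.compile(rb'xmlns:[A-Za-z0-9]+="([^"]+)"')


def build_sample_pdf(link_urls, xmp_namespaces):
    """Constructed sample: one page whose /Annots are /Link annotations carrying /URI
    actions, plus an XMP metadata stream declaring the given namespaces. It has no xref
    table, so it is not a fully valid PDF, but it is enough for a byte-level scanner."""
    annots = b"".join(
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI ("
        + u.encode() + b") >> >>\n"
        for u in link_urls
    )
    xmp = b"<rdf:RDF " + b" ".join(
        b"xmlns:ns" + str(i).encode() + b'="' + ns.encode() + b'"'
        for i, ns in enumerate(xmp_namespaces)
    ) + b"></rdf:RDF>"
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [\n" + annots + b"] >> endobj\n",
        b"4 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(xmp)).encode()
        + b" >> stream\n" + xmp + b"\nendstream endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


def extract_urls(pdf_bytes):
    """Return (channel, url) pairs. Link annotations are what a user can click;
    XMP namespace URIs are schema identifiers that a reader never dereferences."""
    found = []
    for m in LINK_URI_RE.finditer(pdf_bytes):
        found.append(("link_annotation", m.group(1).decode("latin-1")))
    for m in XMP_NS_RE.finditer(pdf_bytes):
        found.append(("xmp_namespace", m.group(1).decode("latin-1")))
    return found


def seo_link_farm_check(pdf_bytes):
    """Apply the PDF_SEO_LINK_FARM conditions: small file, many external link
    annotations, and most of them pointing at a single host."""
    links = [u for ch, u in extract_urls(pdf_bytes) if ch == "link_annotation"]
    hosts = Counter(urlsplit(u).hostname or ""
                    for u in links if u.startswith(("http://", "https://")))
    external = sum(hosts.values())
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / external if external else 0.0
    return {
        "size": len(pdf_bytes),
        "external_links": external,
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "triggered": (len(pdf_bytes) <= MAX_FILE_BYTES
                      and external >= MIN_EXTERNAL_LINKS
                      and share >= MIN_TOP_HOST_SHARE),
    }


# Constructed sample shaped like the report: 41 links on one host, 2 on other hosts,
# and four of the XMP namespace URIs listed under EMBEDDED_URL.
FARM_LINKS = ["http://www.gorillawalker.com/title-%02d.pdf" % i for i in range(41)] + [
    "http://www.example.org/a.pdf", "http://www.example.net/b.pdf"]
XMP_NAMESPACES = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://purl.org/dc/elements/1.1/",
                  "http://ns.adobe.com/xap/1.0/", "http://ns.adobe.com/pdf/1.3/"]
FARM_PDF = build_sample_pdf(FARM_LINKS, XMP_NAMESPACES)

# Constructed benign control: a dozen citations spread over different hosts.
CITATION_LINKS = ["https://site%d.example/paper.pdf" % i for i in range(12)]
CITATION_PDF = build_sample_pdf(CITATION_LINKS, XMP_NAMESPACES)

if __name__ == "__main__":
    for name, pdf in (("link-farm sample", FARM_PDF), ("citation control", CITATION_PDF)):
        print(name, seo_link_farm_check(pdf))
```

The namespace URIs are deliberately excluded from the link count: they reach the URL list through the metadata channel, and counting them would both inflate the external-link total and pull the top-host share down, which is why the per-URL channel label matters more than the raw list.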