Malicious PDF — malware analysis report

Static analysis result for SHA-256 972fb76b449554b9…

MALICIOUS

PDF

  • Size: 43.0 KB
  • Created: 2019-04-30 16:22:18 +03:00
  • Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 8.0.0 (Windows))
  • MD5: c8aa0479ad88730a12e8c578c6a17365
  • SHA-1: 331bae51cca503ac8a175627bb3419b005db7a7b
  • SHA-256: 972fb76b449554b9b3fc71c23409712f66b7ed44bb6e31dbfa7f5d2dba338b29
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and contains numerous URLs, suggesting a link farm for SEO manipulation or to distribute additional malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.