Malicious PDF — malware analysis report

Static analysis result for SHA-256 9be1733f1bafca62…

Verdict: MALICIOUS
File type: PDF

Size: 42.1 KB
Created: 2019-03-17 10:25:32 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 57812356510c2fa8f24e1f9d65697139
SHA-1: f2651448ffb383ecc79553aa89df344a7435f290
SHA-256: 9be1733f1bafca62a71529f2616fbb8776e8285cd4ab965c3db563dffe99a1fa
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

A machine learning classifier flagged the PDF as malicious (score 0.9181). Static analysis found a large number of embedded external links clustered on a single host, a pattern characteristic of SEO link farming or a content distribution scheme rather than ordinary document citation. The primary heuristic, PDF_SEO_LINK_FARM, counts 32 external links, the first being http://www.gorillawalker.com/port-hope-simpson-historiese-te-meld-stads-newfoundland-and-labrador.pdf (the URL list below enumerates 40 URLs on www.gorillawalker.com plus nine XMP namespace URIs, which are metadata schema identifiers rather than links). No scripts were extracted from this sample, so the exposure is whatever the link destinations serve when a user clicks through, not code executed inside the reader.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/port-hope-simpson-historiese-te-meld-stads-newfoundland-and-labrador.pdf
    • http://www.gorillawalker.com/messerschmitt-me-262-arrow-to-the-future-schiffer-military-aviation.pdf
    • http://www.gorillawalker.com/design-and-modeling-for-3d-printing.pdf
    • http://www.gorillawalker.com/hands-to-make-war-the-awakened-book-three-unabridged-audible.pdf
    • http://www.gorillawalker.com/buffy-the-vampire-slayer-revenant.pdf
    • http://www.gorillawalker.com/untying-the-knot.pdf
    • http://www.gorillawalker.com/exit-stage-left-a-brock-and-poole-mystery.pdf
    • http://www.gorillawalker.com/the-knights-of-st-john-torphichen-scotland.pdf
    • http://www.gorillawalker.com/15-weird-facts-you-don-t-know-about-singapore-deluxe.pdf
    • http://www.gorillawalker.com/the-future-of-the-ice-cream-market-in-germany-2011.pdf
    • http://www.gorillawalker.com/falling-forward.pdf
    • http://www.gorillawalker.com/kids-discover-dogs-august-2000-kids-discover-magazine-volume-10.pdf
    • http://www.gorillawalker.com/aussiewood-australia-s-leading-actors-and-directors-tell-how-they.pdf
    • http://www.gorillawalker.com/the-blizzard-the-parched-earth-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/making-fishery-agreements-work-post-agreement-bargaining-in-the-barents.pdf
    • http://www.gorillawalker.com/unit-course-in-aircraft-sheet-metal-preliminary-course-shop-work.pdf
    • http://www.gorillawalker.com/liberation-theology-an-introductory-guide.pdf
    • http://www.gorillawalker.com/painting-wildlife-in-watercolor.pdf
    • http://www.gorillawalker.com/polar-bears-at-the-zoo-zoo-animals.pdf
    • http://www.gorillawalker.com/being-urban-a-sociology-of-city-life-3rd-edition.pdf
    • http://www.gorillawalker.com/comentario-biblico-del-expositor-mateo.pdf
    • http://www.gorillawalker.com/the-writings-and-later-wisdom-books-bible-and-women-an.pdf
    • http://www.gorillawalker.com/3rd-grade-launch-deck-gizmo-with-other.pdf
    • http://www.gorillawalker.com/treatment-of-disease-in-tcm-disease-of-the-mouth-lips.pdf
    • http://www.gorillawalker.com/handbook-of-risk-management-in-energy-production-and-trading-international.pdf
    • http://www.gorillawalker.com/theater-of-war.pdf
    • http://www.gorillawalker.com/elijah-op-70-part-ii-chorus-be-not-afraid-full.pdf
    • http://www.gorillawalker.com/planning-applications-and-appeals.pdf
    • http://www.gorillawalker.com/anglo-saxon-community-in-j-r-r-tolkien-s-the.pdf
    • http://www.gorillawalker.com/brazilian-derivatives-and-securities-pricing-and-risk-management-of-fx.pdf
    • http://www.gorillawalker.com/insuring-your-business-what-you-need-to-know-to-get.pdf
    • http://www.gorillawalker.com/uniquely-kentucky-state-studies.pdf
    • http://www.gorillawalker.com/us-history-and-government-lesson-plans-for-regents-ap-and.pdf
    • http://www.gorillawalker.com/rituals-of-self-revelation-shishosetsu-as-literary-genre-and-socio.pdf
    • http://www.gorillawalker.com/doona-paperback.pdf
    • http://www.gorillawalker.com/garfield-let-s-party-garfield-pocket-books.pdf
    • http://www.gorillawalker.com/microcomputers-in-engineering-and-science-international-computer-science-series.pdf
    • http://www.gorillawalker.com/polgara-the-sorceress-malloreon.pdf
    • http://www.gorillawalker.com/pakistan-2008-reise-2480.pdf
    • http://www.gorillawalker.com/bobcat.pdf
    XMP/RDF namespace URIs (schema identifiers from the document's metadata packet, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/