Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c51d70ddff647ec…

MALICIOUS

PDF

Size: 49.8 KB
Created: 2018-12-03 17:05:20 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: bba74d9fb305b72e14c7028eaba3fc5e
SHA-1: d743a8dea2780955d5ebfeddf0efb1766a1ba92b
SHA-256: 9c51d70ddff647ecf6c4c8dc2aca6f80b3463d21751a96e5d32b1b2c28475a87
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by an ML classifier as malicious and contains a large number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to host a mass of links, likely to manipulate search engine rankings or to distribute further malicious content. No scripts were extracted from this sample, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8876

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.