Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e2e4c726cfdb0d7…

Verdict: MALICIOUS
File type: PDF
Size: 45.2 KB
Created: 2018-12-11 20:47:02 +03:00
Authoring application: Acrobat PDFMaker 10.1 для Word (via Adobe PDF Library 10.0)
MD5: 1432e189a8b2bcdfeb2e13c2293c40bd
SHA-1: 0899fb671d1537671c1d51b44bbbfe4fccbb327a
SHA-256: 9e2e4c726cfdb0d7fdfbd3d2264575b435f08a7b21d6e1a28e6c8f7741d38bc6
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a significant number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with 32 links identified. The ML classifier output of 0.817 suggests a high probability of maliciousness. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.