Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f084fde609da6a8…

MALICIOUS

PDF

42.7 KB Created: 2018-12-02 20:22:01 +03:00 Authoring application: Adobe InDesign CS (3.0) (via Adobe PDF Library 6.0)
MD5: 107f56d699cf0e1a9742aa4f6a9005b8 SHA-1: 1da2645c1c1febe9ebf1fda7c3a52bb69928ce10 SHA-256: 9f084fde609da6a8d237f125afcf2f952bf4d2ec1e035c62b95c7cff0540a9fd
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO spam or to redirect users to malicious content. The attack pattern is inferred from the link farm heuristic.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-playdragon-billionaire-a-paranormal-billionaire-romance.pdf
    • http://www.gorillawalker.com/the-complete-book-of-palmistry-includes-secrets-of-indian-thumb.pdf
    • http://www.gorillawalker.com/beyond-the-score-music-as-performance.pdf
    • http://www.gorillawalker.com/discovering-finite-mathematics-and-calculus-with-examples-on-the-ti.pdf
    • http://www.gorillawalker.com/unwholly-unwind.pdf
    • http://www.gorillawalker.com/acrylics-step-by-step-art-school.pdf
    • http://www.gorillawalker.com/vascular-and-interventional-radiology-1e.pdf
    • http://www.gorillawalker.com/faith-development-and-fowler.pdf
    • http://www.gorillawalker.com/the-thames-and-i.pdf
    • http://www.gorillawalker.com/expect-resistance-a-crimethink-field-manual.pdf
    • http://www.gorillawalker.com/the-language-teaching-controversy.pdf
    • http://www.gorillawalker.com/locker-room-humor-a-collection-of-jokes-stories-poems-and.pdf
    • http://www.gorillawalker.com/in-search-of-a-better-world-lectures-and-essays-from.pdf
    • http://www.gorillawalker.com/holiday-in-rio-score.pdf
    • http://www.gorillawalker.com/absolute-pressure-orca-sports.pdf
    • http://www.gorillawalker.com/implementing-world-class-manufacturing-a-bridge-to-your-manufacturing-survival.pdf
    • http://www.gorillawalker.com/revival-volume-2-live-like-you-mean-it-tp-revival.pdf
    • http://www.gorillawalker.com/outlines-of-pyrrhonism-great-books-in-philosophy.pdf
    • http://www.gorillawalker.com/progressive-heritage-the-evolution-of-a-politically-radical-literary-tradition.pdf
    • http://www.gorillawalker.com/the-hall-of-uselessness-collected-essays-new-york-review-books.pdf
    • http://www.gorillawalker.com/the-dead-shall-not-rest.pdf
    • http://www.gorillawalker.com/business-law-a-hands-on-approach.pdf
    • http://www.gorillawalker.com/the-shipwreck-the-story-of-paul-s-rescue-at-sea.pdf
    • http://www.gorillawalker.com/health-policy-politics-access-code.pdf
    • http://www.gorillawalker.com/a-pebble-for-your-pocket-kindle-edition.pdf
    • http://www.gorillawalker.com/reviving-the-american-dream-in-southern-california-how-to-purchase.pdf
    • http://www.gorillawalker.com/the-great-sacrilege.pdf
    • http://www.gorillawalker.com/german-life-magazine-life-in-germany-austria-switzerland-volume-9.pdf
    • http://www.gorillawalker.com/learn-to-juggle-mini-maestro.pdf
    • http://www.gorillawalker.com/health-qigong-12-step-daoyin-health-preservation-exercises.pdf
    • http://www.gorillawalker.com/as-time-goes-by-in-argentina-economic-opportunities-and-challenges.pdf
    • http://www.gorillawalker.com/the-proud-tower-a-portrait-of-the-world-before-the.pdf
    • http://www.gorillawalker.com/quiz-spinners-book-2-fun-filled-facts-and-brain-teasers.pdf
    • http://www.gorillawalker.com/dimensions-of-private-law-categories-and-concepts-in-anglo-american.pdf
    • http://www.gorillawalker.com/european-legal-aspects-of-e-commerce.pdf
    • http://www.gorillawalker.com/women-with-alcoholic-husbands-ambivalence-and-the-trap-of-codependency.pdf
    • http://www.gorillawalker.com/responding-to-crisis-a-rhetorical-approach-to-crisis-communication-routledge.pdf
    • http://www.gorillawalker.com/model-predictive-control-theory-and-design.pdf
    • http://www.gorillawalker.com/the-making-of-a-man-of-god-lessons-from-the.pdf
    • http://www.gorillawalker.com/process-engineering-equipment-handbook.pdf
    • http://www.gorillawalker.com/discovering-finite-mathematics-and-calculus-with-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.