Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f13036266ca77f3…

MALICIOUS

PDF

44.6 KB Created: 2018-12-15 21:32:10 +03:00 Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.02)
MD5: 2a2f9ba2f821dba978c738e4be6d2a4f SHA-1: 34d86ba0d13823000f27fc68c473737d27d36404 SHA-256: 9f13036266ca77f332ef4e369fe2bd188de3621b0d06068de6272cd4fafcffb5
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links, indicating a potential SEO spam or content distribution attack. The primary attack pattern observed is the PDF_SEO_LINK_FARM heuristic, which suggests the document is designed to host a large number of external links. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/benjamin-and-the-barn-owl-lost-found.pdf
    • http://www.gorillawalker.com/white-shepherd-calendar-just-white-shepherd-calendar-2015-wall-calendars.pdf
    • http://www.gorillawalker.com/you-re-out-of-your-mind-charlie-brown-peanuts.pdf
    • http://www.gorillawalker.com/big-data-a-business-and-legal-guide.pdf
    • http://www.gorillawalker.com/skin-moisturization-second-edition-basic-and-clinical-dermatology.pdf
    • http://www.gorillawalker.com/camping-outdoor-adventure.pdf
    • http://www.gorillawalker.com/locked-out-in-illinois-how-can-you-do-that-to.pdf
    • http://www.gorillawalker.com/the-silent-questions-a-spiritual-odyssey.pdf
    • http://www.gorillawalker.com/mission-addition.pdf
    • http://www.gorillawalker.com/advances-in-chemical-physics-vol-118.pdf
    • http://www.gorillawalker.com/children-of-the-night-a-diana-tregarde-investigation.pdf
    • http://www.gorillawalker.com/textbook-of-urgent-care-management-chapter-28-crisis-communications-mangement.pdf
    • http://www.gorillawalker.com/joel-sternfeld-stranger-passing.pdf
    • http://www.gorillawalker.com/the-medical-digest-or-busy-practitioner-s-vade-mecum-appendix.pdf
    • http://www.gorillawalker.com/haynes-car-electrical-manual-haynes-service-and-repair-manuals-swedish.pdf
    • http://www.gorillawalker.com/electrical-performance-of-electronic-packaging-october-27-29-1997-the.pdf
    • http://www.gorillawalker.com/battle-a-history-of-combat-and-culture.pdf
    • http://www.gorillawalker.com/delta-s-key-to-the-next-generation-toefl-test-advanced.pdf
    • http://www.gorillawalker.com/weapons-of-war-crafty-inventions.pdf
    • http://www.gorillawalker.com/road-rage-to-road-wise.pdf
    • http://www.gorillawalker.com/rome-in-late-antiquity-ad-312-609.pdf
    • http://www.gorillawalker.com/40-days-to-starting-over-no-more-sheets-challenge.pdf
    • http://www.gorillawalker.com/xenostone-the-new-space-age-casting-material.pdf
    • http://www.gorillawalker.com/genius-and-heroin-the-illustrated-catalogue-of-creativity-obsession-and.pdf
    • http://www.gorillawalker.com/postmodernism-movements-in-modern-art.pdf
    • http://www.gorillawalker.com/most-likely-to-succeed-preparing-our-kids-for-the-new.pdf
    • http://www.gorillawalker.com/riders-down-jack-doyle-mysteries-2.pdf
    • http://www.gorillawalker.com/aven-in-the-days-when-the-earth-and-the-heavens.pdf
    • http://www.gorillawalker.com/jon-jayne-s-guide-to-throwing-going-to-and-surviving.pdf
    • http://www.gorillawalker.com/the-missing-scientist-game-famous-five-adventure-games.pdf
    • http://www.gorillawalker.com/cal-97-wild-and-scenic-florida.pdf
    • http://www.gorillawalker.com/mi-sueno-de-america-my-american-dream-spanish-edition.pdf
    • http://www.gorillawalker.com/exploring-guinevere-s-search-for-authenticity-in-the-arthurian-romances.pdf
    • http://www.gorillawalker.com/untold-lives-the-first-generation-of-american-women-psychologists-kings.pdf
    • http://www.gorillawalker.com/lagniappe.pdf
    • http://www.gorillawalker.com/epic-and-sedition-a-case-of-ferdowsi-s-shahnameh.pdf
    • http://www.gorillawalker.com/why-did-my-father-hate-me-at-least-im-not.pdf
    • http://www.gorillawalker.com/music-theory-past-papers-2013-abrsm-grade-3-music-theory.pdf
    • http://www.gorillawalker.com/basic-mathematics-arithmetic-and-algebra.pdf
    • http://www.gorillawalker.com/are-you-listening-fostering-conversations-that-help-young-children-learn.pdf
    • http://www.gorillawalker.com/locked-out-in-illin
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.