Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f7458996699720f…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2019-02-14 08:13:31 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 0779d2a7d0771f6e9bd9291a3f3b1eb4
SHA-1: bd9f5efc60ad6ff9be95e689cde6da8f97ba2601
SHA-256: 9f7458996699720fd002f38db11b8b4b2db8f3d09d63c3f5dc3aee629e6c3a83
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged as malicious by a machine learning classifier and contains a large number of embedded links to external PDF files, suggesting a link farm or SEO abuse. While no scripts were extracted, the sheer volume of links points to malicious intent, possibly to distribute further malware or engage in phishing. The ML classifier's high confidence score supports this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.