Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f85460c2ab4a5da…

MALICIOUS

PDF

40.6 KB
Created: 2019-01-06 08:03:54 +03:00
Authoring application: Writer (via OpenOffice.org 2.0.3)
MD5: a9a09d93614f27626b88fff80e6b42c4
SHA-1: 18fca52071ab82341247102d72aee97666c645bb
SHA-256: 9f85460c2ab4a5daa084129ac23127f262e0e2328504217ab85d98551a62a944
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links, suggesting it is part of a link farm or SEO manipulation scheme. While no scripts were extracted, the sheer volume of links points towards a malicious intent, possibly to distribute further malware or engage in phishing. The ML classifier's high score further supports the malicious nature of the file.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.