Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2418306c15206af…

MALICIOUS

PDF

47.0 KB Created: 2018-11-23 21:09:24 +03:00 Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 2bbc18e64f73658a10ade58fa0176ccf SHA-1: 0929900c27f081d5030b5241ec3414fff349b7c5 SHA-256: a2418306c15206af4277baee8010ffcd2a798a02334c4827be6f6d676d809b81
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to distribute traffic or potentially malicious content through numerous external links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8013

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-coming-of-arthur-the-welsh-chronicle-book-eleven-from.pdf
    • http://www.gorillawalker.com/throwing-a-softball-fast-pitching-instruction-an-article-from-coach.pdf
    • http://www.gorillawalker.com/catastrophic-health-insurance-the-tennessee-perspective-hearing-before-the-subcommittee.pdf
    • http://www.gorillawalker.com/der-gestohlene-mond-roman-german-edition.pdf
    • http://www.gorillawalker.com/250-cases-in-clinical-medicine-4e.pdf
    • http://www.gorillawalker.com/illinois-as-lincoln-knew-it-a-boston-reporter-s-record.pdf
    • http://www.gorillawalker.com/germany-in-the-high-middle-ages-c-1050-1200-cambridge.pdf
    • http://www.gorillawalker.com/vocabulary-for-gcse-german.pdf
    • http://www.gorillawalker.com/series-de-culto-el-otro-hollywood.pdf
    • http://www.gorillawalker.com/good-disagreement-grace-and-truth-in-a-divided-church-digital.pdf
    • http://www.gorillawalker.com/commentary-on-1-2-timothy-and-titus-kindle-edition.pdf
    • http://www.gorillawalker.com/science-et-philosophie.pdf
    • http://www.gorillawalker.com/mister-death-s-blue-eyed-girls.pdf
    • http://www.gorillawalker.com/a-dialogue-on-free-will-and-science.pdf
    • http://www.gorillawalker.com/teaching-your-teenager-to-drive-assuming-you-have-the-guts.pdf
    • http://www.gorillawalker.com/self-earth-and-society-alienation-and-trinitarian-transformation.pdf
    • http://www.gorillawalker.com/open-water.pdf
    • http://www.gorillawalker.com/religious-melancholy-and-protestant-experience-in-america-religion-in-america.pdf
    • http://www.gorillawalker.com/come-an-146-get-it-the-story-of-the-old.pdf
    • http://www.gorillawalker.com/the-myths-of-creativity-the-truth-about-how-innovative-companies.pdf
    • http://www.gorillawalker.com/the-fight-of-your-life-why-your-teen-is-at.pdf
    • http://www.gorillawalker.com/monster-violations-6-beastly-gangbangs-forever-violated-by-monsters.pdf
    • http://www.gorillawalker.com/miss-harper-can-do-it.pdf
    • http://www.gorillawalker.com/phineas-and-ferb-laughapalooza-joke-book.pdf
    • http://www.gorillawalker.com/ways-of-staying.pdf
    • http://www.gorillawalker.com/keys-to-investing-in-municipal-bonds-barron-s-business-keys.pdf
    • http://www.gorillawalker.com/test-your-logic-dover-recreational-math.pdf
    • http://www.gorillawalker.com/quicksand-hiv-aids-in-our-lives.pdf
    • http://www.gorillawalker.com/alt-fractals-a-visual-guide-to-fractal-geometry-and-design.pdf
    • http://www.gorillawalker.com/dickgirls-around-town-barebacked-barback.pdf
    • http://www.gorillawalker.com/natural-cure-for-psoriasis-with-wound-healing.pdf
    • http://www.gorillawalker.com/what-your-atheist-professor-doesn-t-know-but-should.pdf
    • http://www.gorillawalker.com/in-the-wake-of-the-plague-the-black-death-and.pdf
    • http://www.gorillawalker.com/black-sun-the-eyes-of-four-roots-and-innovation-in.pdf
    • http://www.gorillawalker.com/he-who-laughs-last-having-the-joyful-life-god-intended.pdf
    • http://www.gorillawalker.com/the-complete-lyrics-of-lorenz-hart.pdf
    • http://www.gorillawalker.com/back-to-earth-adobe-building-in-saudi-arabia.pdf
    • http://www.gorillawalker.com/mossbauer-spectroscopy-applications-in-chemistry-biology-and-nanotechnology.pdf
    • http://www.gorillawalker.com/building-your-ideal-private-practice-a-guide-for-therapists-and.pdf
    • http://www.gorillawalker.com/learning-organization-management-books-creating-organizational-learning-ability.pdf
    • http://www.gorillawalker.com/catastrophic-health-insurance-the-tennessee-p
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.