Malicious PDF — malware analysis report

Static analysis result for SHA-256 a3fc7fcb66f8cf23…

MALICIOUS

PDF

31.1 KB
Created: 2020-02-09 14:51:41 +03:00
Authoring application: Writer (via LibreOffice 4.2)
MD5: b407f9e4e509350d1f8e5ab454613662
SHA-1: 094032e20c1cb0954512ed90dd9697f37f52e2f1
SHA-256: a3fc7fcb66f8cf23d0aacebe8685c55eb3729cbe616d8b47fd3ca054f6658673
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic, which are all hosted on the same domain. This suggests a link-farming or SEO manipulation tactic rather than direct malware delivery. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8405

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.