Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4b1d4b558f40121…

Verdict: MALICIOUS
File type: PDF
Size: 34.6 KB
Created: 2019-12-09 21:08:14 +03:00
Authoring application: - (via Acrobat Web Capture 8.0)
MD5: 17835d70ee519eb84304ff417571c6d4
SHA-1: c6cb1e114c29932efb9b83d8caa4a287544aea02
SHA-256: a4b1d4b558f4012189eff62582e0e290dfce3414455ca9dfe2fccfd4c6f3dc1a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute malware. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8263

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-other-side-making-tracks.pdf
    • http://www.gorillawalker.com/leptin-wise-diet-understanding-leptin-and-the-venus-factor-review.pdf
    • http://www.gorillawalker.com/how-to-restore-your-datsun-z-car.pdf
    • http://www.gorillawalker.com/laudate-pueri-dominum-three-vesper-psalms-no-2-vocal-score.pdf
    • http://www.gorillawalker.com/charlton-heston-s-hollywood-50-years-in-american-film.pdf
    • http://www.gorillawalker.com/suzuki-2-stroke-ob-2-65-hp-92-99.pdf
    • http://www.gorillawalker.com/menage-maker-ffm-mmff.pdf
    • http://www.gorillawalker.com/aufhebung-eines-wettbewerbsverbots-ohne-ausdruckliche-regelung-in-gerichtlichem-vergleich-german.pdf
    • http://www.gorillawalker.com/francis-ponge-the-table-poetry-an-article-from-world-literature.pdf
    • http://www.gorillawalker.com/luna-s-children-stranger-worlds.pdf
    • http://www.gorillawalker.com/jordanien-und-deutschland-uber-die-vielfalt-kultureller-brucken-festschrift-zum.pdf
    • http://www.gorillawalker.com/black-ball-2007-calendar-the-negro-baseball-leagues.pdf
    • http://www.gorillawalker.com/iec-60092-373-ed-1-0-b-1977-electrical-installations.pdf
    • http://www.gorillawalker.com/clinical-supervision-a-handbook-for-practitioners.pdf
    • http://www.gorillawalker.com/preventing-child-sexual-abuse-sharing-the-responsibility-child-youth-and.pdf
    • http://www.gorillawalker.com/differential-diagnosis-in-pediatrics.pdf
    • http://www.gorillawalker.com/twentieth-century-interpretations-of-crime-and-punishment-a-collection-of.pdf
    • http://www.gorillawalker.com/rethinking-bakhtin-extensions-and-challenges-studies-in-russian-literature-and.pdf
    • http://www.gorillawalker.com/dancing-with-the-void-the-innerstandings-of-a-rare-born.pdf
    • http://www.gorillawalker.com/blacks-in-college-a-comparative-study-of-students-success-in.pdf
    • http://www.gorillawalker.com/go-wild-wildlife-designs-to-color.pdf
    • http://www.gorillawalker.com/an-exegetical-bibliography-of-the-new-testament-john-and-1.pdf
    • http://www.gorillawalker.com/astronomical-almanac-for-the-year-2015-and-its-companion-the.pdf
    • http://www.gorillawalker.com/practical-arduino-engineering-technology-in-action.pdf
    • http://www.gorillawalker.com/rotunda-and-dzienkowski-s-professional-responsibility-a-student-s-guide.pdf
    • http://www.gorillawalker.com/without-you-children-and-young-people-growing-up-with-loss.pdf
    • http://www.gorillawalker.com/misbehaving-sea-breeze-book-6.pdf
    • http://www.gorillawalker.com/george-kateb-dignity-morality-individuality-routledge-innovators-in-political-theory.pdf
    • http://www.gorillawalker.com/trust-us-we-re-experts-how-industry-manipulates-science-and.pdf
    • http://www.gorillawalker.com/instant-magento-performance-optimization-how-to.pdf
    • http://www.gorillawalker.com/maxims-english-and-french-edition.pdf
    • http://www.gorillawalker.com/romansy-13-theory-and-practice-of-robots-and-manipulators-cism.pdf
    • http://www.gorillawalker.com/5-country-dances-k-609-full-score-qty-2-a1842.pdf
    • http://www.gorillawalker.com/scarecrow.pdf
    • http://www.gorillawalker.com/the-wooden-sword-a-jewish-folktale-from-afghanistan.pdf
    • http://www.gorillawalker.com/becoming-the-dad-your-daughter-needs.pdf
    • http://www.gorillawalker.com/blood-of-the-kraken.pdf
    • http://www.gorillawalker.com/mightier-than-the-sword-powerful-writing-in-the-legal-profession.pdf
    • http://www.gorillawalker.com/cape-cod-ahoy-a-travel-book-for-the-summer-visitor.pdf
    • http://www.gorillawalker.com/things-i-must-stop-doing-before-i-die-written-by.pdf
    • http://www.gorillawalker.com/charlton-heston-s-hollywood-50-years-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/