Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9b4d831161ccd09…

MALICIOUS

PDF

33.8 KB Created: 2019-08-03 20:44:28 +03:00 Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: c9a4d4ab4496b49caad2044261134458 SHA-1: 0fdfe3552896b77fe5758c4a7cfd945a045da8e6 SHA-256: a9b4d831161ccd0912c65b28b195062c200b3699d81b622b41db0ee52afbe61c
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of external links to other PDF files hosted on the same domain, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious classification. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link farming.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/europe-1780-to-1830-general-history-of-europe.pdf
    • http://www.gorillawalker.com/digital-radio-systems-on-a-chip-a-systems-approach.pdf
    • http://www.gorillawalker.com/researching-audiences-a-practical-guide-to-methods-in-media-audience.pdf
    • http://www.gorillawalker.com/preventing-and-reversing-heart-disease-for-dummies.pdf
    • http://www.gorillawalker.com/healthy-cooking-for-two-and-better-than-ever-third-edition.pdf
    • http://www.gorillawalker.com/tentacles-at-miami-beach-tentacle-erotica-adventure-series-the-tentacle.pdf
    • http://www.gorillawalker.com/mystery-of-the-kingdom-kingdom-studies.pdf
    • http://www.gorillawalker.com/unicorns-coloring-book-dover-coloring-books.pdf
    • http://www.gorillawalker.com/stellarnet-prince-the-stellarnet-series-book-2-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/did-moses-exist-the-myth-of-the-israelite-lawgiver.pdf
    • http://www.gorillawalker.com/student-suite-cd-rom-for-winston-s-introduction-to-probability.pdf
    • http://www.gorillawalker.com/the-table-is-laid-an-anthology-of-south-asian-food.pdf
    • http://www.gorillawalker.com/a-lawman-s-christmas-a-mckettricks-of-texas-novel-a.pdf
    • http://www.gorillawalker.com/an-author-s-guide-to-scholarly-publishing.pdf
    • http://www.gorillawalker.com/the-dharma-at-big-sur-solo-electric-violin-and-orchestra.pdf
    • http://www.gorillawalker.com/around-melbourne.pdf
    • http://www.gorillawalker.com/god-who-cares-a-witty-question-and-answer-game-about.pdf
    • http://www.gorillawalker.com/english-malayalam-dictionary.pdf
    • http://www.gorillawalker.com/fundamentals-of-geophysics-by-lowrie-william-published-by-cambridge-university.pdf
    • http://www.gorillawalker.com/criminal-law-john-c-klotter-justice-administration-legal.pdf
    • http://www.gorillawalker.com/colorectal-surgery-map.pdf
    • http://www.gorillawalker.com/future-food-how-cutting-edge-technology-3d-printing-will-change.pdf
    • http://www.gorillawalker.com/the-soul-of-a-horse-life-lessons-from-the-herd.pdf
    • http://www.gorillawalker.com/naked-words-the-effective-157-word-email.pdf
    • http://www.gorillawalker.com/the-day-after-the-dollar-crashes-a-survival-guide-for.pdf
    • http://www.gorillawalker.com/practical-cardiology-evaluation-and-treatment-of-common-cardiovascular-disorders.pdf
    • http://www.gorillawalker.com/experimental-nuclear-physics-vol-i.pdf
    • http://www.gorillawalker.com/semiconductor-laser-engineering-reliability-and-diagnostics-a-practical-approach-to.pdf
    • http://www.gorillawalker.com/customary-law-in-namibia-development-and-perspective-namibia-customary-land.pdf
    • http://www.gorillawalker.com/new-technology-routledge-revivals-international-perspective-on-human-resources-and.pdf
    • http://www.gorillawalker.com/kafirs-of-the-hindu-kush.pdf
    • http://www.gorillawalker.com/little-boxes-the-architecture-of-a-classic-midcentury-suburb.pdf
    • http://www.gorillawalker.com/lennon-and-mccartney-jazz-play-along-volume-29-jazz-play.pdf
    • http://www.gorillawalker.com/disney-princess-the-ultimate-guide-to-the-magical-worlds.pdf
    • http://www.gorillawalker.com/rayelle-forbidden-student-teacher-first-time-bi-curious-erotica-so.pdf
    • http://www.gorillawalker.com/the-365-amazing-trivia-facts-page-a-day-calendar-2009.pdf
    • http://www.gorillawalker.com/el-hombre-que-escucha-a-los-caballos.pdf
    • http://www.gorillawalker.com/polymer-matrix-syntactic-foams-microstructure-properties-and-applications.pdf
    • http://www.gorillawalker.com/feelings-are-facts-a-life-writing-art.pdf
    • http://www.gorillawalker.com/victory-shall-be-mine-daywind-records-daywind-soundtracks.pdf
    • http://www.gorillawalker.com/stellarnet-prince-the-stellar
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.