Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac7a3043ffd9caa1…

MALICIOUS

PDF

Size: 33.1 KB
Created: 2020-02-08 18:27:37 +03:00
Authoring application: QuarkXPress™ 4.11: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: bcf37d096bd89794fd289fc7d3620354
SHA-1: 71769fceb9488d251e58002bbb5ae070ddf1e05e
SHA-256: ac7a3043ffd9caa17af250607bc90540d9c164df72c0b508cb8693e6dad0799b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly to manipulate search engine rankings or to serve as a distribution point for further malicious content. The document body is heavily obfuscated and contains what appear to be URL references, reinforcing the link farm detection.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.