Malicious PDF — malware analysis report

Static analysis result for SHA-256 ae6e3d4d3c265e27…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2018-12-14 20:07:19 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
MD5: dbf79f7b1423bab328f23dacd33bf59d
SHA-1: 5bd9fa5d280110253904bbd2f3c39c2eb894ef36
SHA-256: ae6e3d4d3c265e271acbe4555a7e4f7041ae7c5f3efd7d8c429808bc4df65f4f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The embedded URLs point to a website that appears to host a link farm, suggesting a tactic to manipulate search engine results or distribute malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.