Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1615e57254ae4a2…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-12-14 20:22:57 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
MD5: 006b4fb02e8b26785d8c154efb0a5bb6
SHA-1: f038772bfe356c97e4a8165a4e91fc6d6680b9d0
SHA-256: b1615e57254ae4a259e60ea89dab0b8f1cebf7397e8a577137615f2311a9761a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files, indicating a potential SEO manipulation or content distribution scheme. The primary attack pattern involves leveraging these links, likely to direct users to malicious sites or download further payloads. No scripts were extracted, limiting the analysis of direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.