Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1a4fa4b9ee06a36…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2019-03-17 04:31:21 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: 05ecc49593d4d64244e991fcd3fb35a6
SHA-1: 61857f5d423a9c9e993e485c653fca7f79db018f
SHA-256: b1a4fa4b9ee06a36083f1a53155cb0859565c516d2a3413a117c11f5717a9b74
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a significant number of embedded URLs pointing to external PDF documents, a technique often used for SEO manipulation or to host malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.