Malicious PDF — malware analysis report

Static analysis result for SHA-256 b48c9cb7a98c27d0…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-11-30 01:49:14 +03:00
Authoring application: QuarkXPress(R) 7.01
MD5: 012ef968c135c3b830b0b8ead86e3679
SHA-1: dcb5125dda5f8396526ecc268a1a80a20b1a16fd
SHA-256: b48c9cb7a98c27d0777a4741c699b077b0175a2bc0b4aada8e0c9741b431f946
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be SEO manipulation or distributing a large volume of links, rather than direct execution of malware. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.