Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5c56f370f882d87…

MALICIOUS

PDF

42.3 KB Created: 2018-11-26 20:03:36 +03:00 Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 5.0 (Windows))
MD5: 3d563f5a13c5b8356b226decfa8d99f4 SHA-1: b02674645d2ebc4dcf88c2d97b8b7dc904a9c71b SHA-256: b5c56f370f882d87e9a15fcd2a79911d26b1cdd4d48a45330795527e0458051a
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content via numerous links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8242

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/bible.pdf
    • http://www.gorillawalker.com/trabajo-social-con-grupos-y-pedagogia-ciudadana-social-work-with.pdf
    • http://www.gorillawalker.com/mountains.pdf
    • http://www.gorillawalker.com/story-of-marilyn-manson.pdf
    • http://www.gorillawalker.com/roosters-i-have-known.pdf
    • http://www.gorillawalker.com/histories-spring-64-spring-journal-no-64.pdf
    • http://www.gorillawalker.com/beginning-chess-how-to-master-the-fundamental-skills.pdf
    • http://www.gorillawalker.com/kippie-moeketsi-sad-man-of-jazz-life-stories.pdf
    • http://www.gorillawalker.com/withholding-evidence-evidence-series-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/bigfoot-beach.pdf
    • http://www.gorillawalker.com/the-great-wave-price-revolutions-and-the-rhythm-of-history.pdf
    • http://www.gorillawalker.com/the-twilight-mystique-critical-essays-on-the-novels-and-films.pdf
    • http://www.gorillawalker.com/infant-s-cabinet-of-birds-beasts.pdf
    • http://www.gorillawalker.com/caballero-knight-spanish-edition.pdf
    • http://www.gorillawalker.com/10-000-french-words-essential-vocabulary-for-all-students-of.pdf
    • http://www.gorillawalker.com/the-management-of-consumer-credit-theory-and-practice.pdf
    • http://www.gorillawalker.com/thinking-kids-146-math-grade-2.pdf
    • http://www.gorillawalker.com/hammer-of-the-gods-the-led-zeppelin-saga.pdf
    • http://www.gorillawalker.com/la-pintura-mig-eval-catalana-l-art-barbara-discursos-leidos.pdf
    • http://www.gorillawalker.com/the-arrangement-20-the-ferro-family.pdf
    • http://www.gorillawalker.com/future-demographic-trends-in-europe-and-north-america-what-can.pdf
    • http://www.gorillawalker.com/open-air-rock-art-conservation-and-management-state-of-the.pdf
    • http://www.gorillawalker.com/stick-man-s-really-bad-day.pdf
    • http://www.gorillawalker.com/malliavin-calculus-for-l-vy-processes-with-applications-to-finance.pdf
    • http://www.gorillawalker.com/ven-conmigo-level-3-grade-10-listening-activity-holt-ven.pdf
    • http://www.gorillawalker.com/contemporary-music-theory-level-two-a-complete-harmony-and-theory.pdf
    • http://www.gorillawalker.com/sinsajo-juegos-del-hambre-n.pdf
    • http://www.gorillawalker.com/graphing-calculator-keystroke-guide.pdf
    • http://www.gorillawalker.com/style-on-a-shoestring-develop-your-cents-of-style-and.pdf
    • http://www.gorillawalker.com/finale-2012-a-trailblazer-guide.pdf
    • http://www.gorillawalker.com/dungeon-crawlers.pdf
    • http://www.gorillawalker.com/after-foucault.pdf
    • http://www.gorillawalker.com/fracture-mechanics-second-edition.pdf
    • http://www.gorillawalker.com/broadway-musicals-show-by-show-1972-1988-paperback-1991-author.pdf
    • http://www.gorillawalker.com/sugar-milk-yaoi.pdf
    • http://www.gorillawalker.com/fasttrack-lead-singer-method-book-1-fast-track-hal-leonard.pdf
    • http://www.gorillawalker.com/business-approach-to-internal-auditing.pdf
    • http://www.gorillawalker.com/power-series-from-a-computational-point-of-view-universitext.pdf
    • http://www.gorillawalker.com/flowering-in-the-shadows-women-in-the-history-of-chinese.pdf
    • http://www.gorillawalker.com/affiliate-program-management-an-hour-a-day.pdf
    • http://www.gorillawalker.com/beginning-chess-how-to-master-the-fundamental-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.