Malicious PDF — malware analysis report

Static analysis result for SHA-256 b67554cbb5e76729…

MALICIOUS

PDF

Size: 46.4 KB
Created: 2018-11-30 20:34:10 +03:00
Authoring application: Adobe InDesign CC 2015 (Macintosh) (via Adobe PDF Library 15.0)
MD5: 7dd036ece8d40e459db1b1764c3540d7
SHA-1: fc4339a5297ca541891fe1e963f21e27068d838a
SHA-256: b67554cbb5e767293c6bd2de7b8504a1a85b50724bad287d6ec0eb87467b56f0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs, identified as a link farm, which is a common tactic for SEO manipulation or distributing malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.