Malicious PDF — malware analysis report

Static analysis result for SHA-256 b78f7fbecf27505b…

Verdict: MALICIOUS
File type: PDF
Size: 42.0 KB
Created: 2018-11-15 18:33:43 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: a78ccce0d2e2f691a64d6d1d045dd9d8
SHA-1: 615fb82a862158d470009052b7407e98298dbaa3
SHA-256: b78f7fbecf27505b42bd472d39ddf51166782282ec9bfb98af2a253004404612
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell

The file is a 42 KB PDF whose link annotations point to some forty external URLs ending in .pdf, all on a single host (www.gorillawalker.com). That pattern triggered the PDF_SEO_LINK_FARM heuristic, and the Nyx PDF classifier (ML_NYX_PDF_MALICIOUS) independently scored the file 0.90 malicious. No scripts were extracted, so the document is assessed as a generated link-farm carrier rather than an exploit document: the risk lies in the pages the links resolve to (SEO spam or redirection into unwanted-software or malware delivery chains), not in any code inside the PDF itself. The document body could not be rendered, so the lure text was not recovered. The remaining nine URLs in the list below (w3.org, purl.org, ns.adobe.com, aiim.org) are XMP/RDF namespace identifiers from the document metadata, not clickable links, and should not be treated as indicators. The T1059.001 (PowerShell) mapping above is not supported by anything extracted in this static pass; treat it as unconfirmed unless the linked content is detonated and shows it.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/verbal-kung-fu-for-freelancers-master-the-art-of-self.pdf
    • http://www.gorillawalker.com/when-i-am-a-sister.pdf
    • http://www.gorillawalker.com/legality-and-legitimacy.pdf
    • http://www.gorillawalker.com/clinical-calculations-with-applications-to-general-and-specialty-areas-6e.pdf
    • http://www.gorillawalker.com/second-corinthians-jensen-bible-self-study-guide-jensen-bible-self.pdf
    • http://www.gorillawalker.com/baltimore-volume-2-the-curse-bells.pdf
    • http://www.gorillawalker.com/cope-with-daily-headache-translated-version-chinese-edition.pdf
    • http://www.gorillawalker.com/advances-in-quantum-chemistry-vol-24.pdf
    • http://www.gorillawalker.com/bioremediation-engineering-design-and-applications-1st-first-edition-by-cookson.pdf
    • http://www.gorillawalker.com/the-complete-pregnancy-guide-expectant-fathers-everything-a-dad-needs.pdf
    • http://www.gorillawalker.com/stiff-upper-lip-jeeves-a-bbc-full-cast-radio-drama.pdf
    • http://www.gorillawalker.com/tolkien-diary-2009.pdf
    • http://www.gorillawalker.com/great-sporting-moments-famous-images-in-20th-century-sport.pdf
    • http://www.gorillawalker.com/the-academic-questions-treatise-de-finibus-and-tusculan-disputations-of.pdf
    • http://www.gorillawalker.com/fifty-shades-phenomenon-exploring-a-sexual-revolution.pdf
    • http://www.gorillawalker.com/planes-usborne-beginners-usborne-beginners.pdf
    • http://www.gorillawalker.com/tremolo-harmonica-complete-works-for-beginners-2004-isbn-4887634498-japanese.pdf
    • http://www.gorillawalker.com/atlas-of-biomarkers-for-alzheimer-s-disease.pdf
    • http://www.gorillawalker.com/the-consolidation-of-dictatorship-in-russia-an-inside-view-of.pdf
    • http://www.gorillawalker.com/a-quest-in-the-middle-east-gertrude-bell-and-the.pdf
    • http://www.gorillawalker.com/the-read-aloud-handbook-sixth-edition.pdf
    • http://www.gorillawalker.com/ethernet-based-metro-area-networks.pdf
    • http://www.gorillawalker.com/the-art-of-chinese-management-theory-evidence-and-applications.pdf
    • http://www.gorillawalker.com/osho-ve-profundo-se-natural-ve-mas-alto-spanish-edition.pdf
    • http://www.gorillawalker.com/jamaica-speech.pdf
    • http://www.gorillawalker.com/holman-quicksource-guide-to-understanding-jesus-holman-quicksource-guides.pdf
    • http://www.gorillawalker.com/lie-in-the-dark-and-listen.pdf
    • http://www.gorillawalker.com/flannery-o-connor.pdf
    • http://www.gorillawalker.com/fundamentals-of-electromagnetic-phenomena.pdf
    • http://www.gorillawalker.com/new-perspectives-on-the-man-of-sorrows-studies-in-iconography.pdf
    • http://www.gorillawalker.com/neon-a-collection-of-poems.pdf
    • http://www.gorillawalker.com/agroclimatic-map-of-the-philippines.pdf
    • http://www.gorillawalker.com/technically-write-communication-for-the-technical-man.pdf
    • http://www.gorillawalker.com/programming-entity-framework.pdf
    • http://www.gorillawalker.com/panzer-grenadier-division-grossdeutschland-a-pictorial-history-with-text-maps.pdf
    • http://www.gorillawalker.com/corporate-culture-illuminating-the-black-hole.pdf
    • http://www.gorillawalker.com/hidden-target-otter-creek-volume-2.pdf
    • http://www.gorillawalker.com/got-it-plus-starter-level-student-pack-a.pdf
    • http://www.gorillawalker.com/the-attack.pdf
    • http://www.gorillawalker.com/semiconductor-junction-devices-the-merrill-series-in-electronics.pdf
    • http://www.gorillawalker.com/baltimore-volume-2-the-curse-be
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
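The PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel note above describe triage logic that is straightforward to reproduce on raw PDF bytes. The Python below is an added example, not the analysis platform's own code: it pulls /URI targets out of uncompressed link annotations (the clickable channel), separately collects the xmlns URIs from the XMP packet so they are not mistaken for links, and scores external .pdf links by host clustering. The sample PDF is constructed inline on a placeholder host (linkfarm.example) to mirror the shape of this report's sample, and the thresholds (200 KB, 20 links, 80% of links on one host) are assumptions chosen for illustration, not the platform's.

```python
"""Added example (not the analysis platform's code): reproduce the
PDF_SEO_LINK_FARM triage logic on raw PDF bytes. The sample PDF is
constructed below; the thresholds are assumptions for illustration."""
import re
from collections import Counter
from urllib.parse import urlsplit

# /URI (literal string) entries inside uncompressed link-annotation dicts.
# Escaped parentheses inside the literal are tolerated.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# XMP packet: the xmlns URIs in here are schema identifiers, not links.
XMP_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9]+="([^"]+)"')


def extract_link_uris(pdf: bytes) -> list[str]:
    """Targets of /URI actions, i.e. what a click actually opens."""
    out = []
    for m in URI_RE.finditer(pdf):
        raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
        out.append(raw.decode("latin-1"))
    return out


def extract_xmp_namespaces(pdf: bytes) -> list[str]:
    """Namespace URIs from XMP metadata; extractors list them, but they are never clickable."""
    return [m.group(1).decode("latin-1")
            for packet in XMP_RE.finditer(pdf)
            for m in XMLNS_RE.finditer(packet.group(0))]


def score_link_farm(pdf: bytes, max_size=200_000, min_links=20, cluster_ratio=0.8) -> dict:
    """Flag a small PDF whose external .pdf links cluster on one host (assumed thresholds)."""
    uris = extract_link_uris(pdf)
    pdf_links = [u for u in uris
                 if u.lower().startswith(("http://", "https://"))
                 and urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    ratio = top_count / len(pdf_links) if pdf_links else 0.0
    return {
        "size": len(pdf),
        "link_uris": len(uris),
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "cluster_ratio": round(ratio, 3),
        "hit": len(pdf) <= max_size and len(pdf_links) >= min_links and ratio >= cluster_ratio,
    }


def build_sample_pdf(urls: list[str]) -> bytes:
    """Constructed sample: one page whose only content is link annotations,
    plus a minimal XMP packet like the one extractors see in real documents."""
    annots = " ".join(
        f"<< /Type /Annot /Subtype /Link /Rect [0 {10*i} 200 {10*i+10}] "
        f"/A << /S /URI /URI ({u}) >> >>" for i, u in enumerate(urls))
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')
    body = (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        f"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [{annots}] >> endobj\n"
        f"4 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\nstream\n{xmp}\nendstream\nendobj\n"
        "trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


if __name__ == "__main__":
    # Shape of this report's sample: ~40 .pdf links, all on one host (placeholder host here).
    farm = build_sample_pdf([f"http://linkfarm.example/title-{i}.pdf" for i in range(40)])
    print(score_link_farm(farm))
    print("xmp namespaces (not links):", extract_xmp_namespaces(farm))
    # A document that merely cites a couple of papers on different hosts does not trip it.
    cited = build_sample_pdf(["http://example.org/a.pdf", "https://example.net/b.pdf"])
    print(score_link_farm(cited))
```

Real samples often keep annotations in compressed object streams, so a production version would inflate those first; the regex pass here is the same quick triage that pdfid-style tools perform on the raw bytes.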