Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7a7e821b2af9c45…

MALICIOUS

PDF

Size: 42.1 KB
Created: 2018-11-26 20:27:23 +03:00
Authoring application: Adobe InDesign CS3 (5.0.4) (via Adobe PDF Library 8.0)
MD5: 369bf53970de62cda10d833178af02a0
SHA-1: 86dffdb38a1b91c4e3021685d959387fc92f4289
SHA-256: b7a7e821b2af9c45431296383979714f8bdebba189bc38e52fe5bcca340446e1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged as malicious by a machine learning classifier. It contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. While no scripts were extracted, the sheer volume of links suggests malicious intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.