Malicious PDF — malware analysis report

Static analysis result for SHA-256 b849b54a5bf61808…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-11-26 20:06:46 +03:00
Authoring application: Microsoft Word (via Acrobat PDFWriter 4.0 para Windows)
MD5: c675634c8ce662d0545d7645a96f0fa8
SHA-1: 99ae382972ae23efccda83cd5620883ec67d3691
SHA-256: b849b54a5bf618088036322e02bd337eb1c773c43d6cdd39e2dc47d64cd6bf60
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a website hosting numerous PDFs, likely for SEO spam or to serve as a distribution point for other malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8439)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.