Malicious PDF — malware analysis report

Static analysis result for SHA-256 b878a31e2a6728aa…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-30 20:57:07 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: 134961741d0546aed95269ebc8345688
SHA-1: b399ddf6bd8cffc04d432061901c7734c880823f
SHA-256: b878a31e2a6728aacb430389ab1adee24daf4f054417a5faf8a3674f33b3103a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, indicating a potential link farm or distribution point for malicious content. The PDF_SEO_LINK_FARM heuristic specifically flags this mass external PDF link pattern. No scripts were extracted, but the sheer volume of links suggests malicious intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.