Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8b7da771d2e2609…

Verdict: MALICIOUS

File type: PDF

Size: 43.5 KB
Created: 2018-12-28 08:09:07 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: e1db210b9bf3fc15c7b13c62c725130d
SHA-1: db1e7aa2e182508fd78857f84d335e83400c668c
SHA-256: b8b7da771d2e26097d1185693e31782b91625c514e00de54ce1c11140ea46b87
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, indicative of a link farm or SEO manipulation tactic. The primary heuristic identified a mass external PDF link farm with 32 links, suggesting the document's purpose is to distribute or promote these external resources. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/the-billionaire-s-promise-billionaires-of-belmont-book-2-kindle.pdf
    • http://www.gorillawalker.com/fokker-f27-fairchild-fh227-fokker-f50-airline-markings-vol-13.pdf
    • http://www.gorillawalker.com/atlas-of-electron-microscopy-of-clay-minerals-and-their-admixtures.pdf
    • http://www.gorillawalker.com/streetslam-wishes-of-a-broken-time-streetlslam-book-1.pdf
    • http://www.gorillawalker.com/old-fish-hawk.pdf
    • http://www.gorillawalker.com/pulled-within-the-bar-harbor-series-volume-2.pdf
    • http://www.gorillawalker.com/the-complete-young-trailers-series-halcyon-classics-kindle-edition.pdf
    • http://www.gorillawalker.com/c-h-bond-activation-in-organic-synthesis.pdf
    • http://www.gorillawalker.com/the-wired-museum-emerging-technology-and-changing-paradigms.pdf
    • http://www.gorillawalker.com/remarkable-service.pdf
    • http://www.gorillawalker.com/biological-treatment-of-wastewaters-from-a-dye-manufacturing-company-using.pdf
    • http://www.gorillawalker.com/bigby-s-curse-endless-quest-books.pdf
    • http://www.gorillawalker.com/your-unix-linux-the-ultimate-guide.pdf
    • http://www.gorillawalker.com/single-component-binary-and-ternary-oxide-glasses-supplements-to-parts.pdf
    • http://www.gorillawalker.com/the-mancini-marriage-bargain-the-arranged-brides-duo-2-harlequin.pdf
    • http://www.gorillawalker.com/the-easy-way-to-play-100-favorite-songs-of-faith.pdf
    • http://www.gorillawalker.com/burton-holmes-travelogues-v4-cities-of-the-barbary-coast-oases.pdf
    • http://www.gorillawalker.com/the-natural-testosterone-plan-for-sexual-health-and-energy.pdf
    • http://www.gorillawalker.com/the-pediatric-echocardiographer-s-pocket-reference.pdf
    • http://www.gorillawalker.com/man-into-woman.pdf
    • http://www.gorillawalker.com/any-way-you-slice-it-the-past-present-and-future.pdf
    • http://www.gorillawalker.com/an-historical-account-of-the-protestant-episcopal-church-in-south.pdf
    • http://www.gorillawalker.com/coached-for-success-the-college-years-seven-success-strategies-for.pdf
    • http://www.gorillawalker.com/mes-petites-france-essais-french-edition.pdf
    • http://www.gorillawalker.com/human-resource-development-in-education.pdf
    • http://www.gorillawalker.com/a-royal-pain-a-royal-spyness-mystery.pdf
    • http://www.gorillawalker.com/red-black-and-jew-new-frontiers-in-hebrew-literature-jewish.pdf
    • http://www.gorillawalker.com/colonial-america-6th-edition.pdf
    • http://www.gorillawalker.com/trois-gymnop-die-for-tuba-or-bass-trombone-piano.pdf
    • http://www.gorillawalker.com/essential-rugby.pdf
    • http://www.gorillawalker.com/the-prevention-and-treatment-of-missing-data-in-clinical-trials.pdf
    • http://www.gorillawalker.com/silicon-man-silicon-series-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/the-viral-video-manifesto-why-everything-you-know-is-wrong.pdf
    • http://www.gorillawalker.com/clinical-nutrition-for-surgical-patients.pdf
    • http://www.gorillawalker.com/tastefully-tortured-2-training-her-in-erotica-bdsm.pdf
    • http://www.gorillawalker.com/shattering-silence.pdf
    • http://www.gorillawalker.com/handbook-on-basics-of-coating-technology.pdf
    • http://www.gorillawalker.com/how-to-know-the-mosses-and-liverworts.pdf
    • http://www.gorillawalker.com/job-1-the-devil-s-plaything-part-1-kindle-edition.pdf
    • http://www.gorillawalker.com/the-australian-policy-handbook.pdf
    • http://www.gorillawalker.com/c-h-bond-activation-in-organic-synt
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/