Malicious PDF — malware analysis report

Static analysis result for SHA-256 b94efdf6921c1c36…

Verdict: MALICIOUS

File type: PDF

Size: 46.4 KB
Created: 2018-11-30 20:23:33 +03:00
Authoring application: Adobe InDesign CS3 (5.0) (via Adobe PDF Library 8.0)
MD5: e876a49ea934edc972f737e2a8c77045
SHA-1: 61a53b0c10da2f61041a80895277b52c5c521a75
SHA-256: b94efdf6921c1c3631cc6a3e08e8787c3963fd76e0780f244cc938eedbd8ad17
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or SEO manipulation tactic. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of embedded URLs points towards a malicious intent, possibly to redirect users to phishing sites or download further malware. The document body was not sufficiently readable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8709

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-norton-anthology-of-american-literature-eighth-edition-vol-package.pdf
    • http://www.gorillawalker.com/exploring-parks-and-playgrounds-multiplication-and-division-of-fractions-contexts.pdf
    • http://www.gorillawalker.com/discourse-studies-a-multidisciplinary-introduction.pdf
    • http://www.gorillawalker.com/chained-to-the-desk-third-edition-a-guidebook-for-workaholics.pdf
    • http://www.gorillawalker.com/best-practices-for-teaching-with-emerging-technologies-best-practices-in.pdf
    • http://www.gorillawalker.com/computational-chemistry-introduction-to-the-theory-and-applications-of-molecular.pdf
    • http://www.gorillawalker.com/international-mountain-rescue-handbook-guides.pdf
    • http://www.gorillawalker.com/60-worksheets-identifying-places-with-5-digit-numbers-math-practice.pdf
    • http://www.gorillawalker.com/voyage-of-the-ant.pdf
    • http://www.gorillawalker.com/piano-trio-no-4-in-c-minor-op-101-kalmus.pdf
    • http://www.gorillawalker.com/a-text-book-of-the-principles-of-osteopathy.pdf
    • http://www.gorillawalker.com/start-and-succeed-in-multilevel-marketing.pdf
    • http://www.gorillawalker.com/protein-folding-and-misfolding-shining-light-by-infrared-spectroscopy-biological.pdf
    • http://www.gorillawalker.com/dancing-on-my-grave-an-autobiography.pdf
    • http://www.gorillawalker.com/the-ethics-of-palliative-care-european-perspectives-facing-death-series.pdf
    • http://www.gorillawalker.com/warship-pictorial-no-8-uss-salem-ca-139.pdf
    • http://www.gorillawalker.com/popol-vuh-las-antiguas-historias-del-quiche.pdf
    • http://www.gorillawalker.com/five-years-of-industrial-peace-a-discussion-of-the-five.pdf
    • http://www.gorillawalker.com/iec-60364-5-51-ed-5-0-b-2005-electrical.pdf
    • http://www.gorillawalker.com/le-savoir-convalescent-french-edition.pdf
    • http://www.gorillawalker.com/the-lies-of-locke-lamora-gentleman-bastard.pdf
    • http://www.gorillawalker.com/zimbabve-mineral-mining-sector-investment-and-business-guide-world-business.pdf
    • http://www.gorillawalker.com/population-genetics-monographs-on-applied-probability.pdf
    • http://www.gorillawalker.com/an-atlas-of-russian-history-eleven-centuries-of-changing-borders.pdf
    • http://www.gorillawalker.com/fractals-a-user-s-guide-for-the-natural-sciences-oxford.pdf
    • http://www.gorillawalker.com/buck-denver-asks-what-s-in-the-bible-the-songs.pdf
    • http://www.gorillawalker.com/the-night-is-mine.pdf
    • http://www.gorillawalker.com/from-victim-to-offender-how-child-sexual-abuse-victims-become.pdf
    • http://www.gorillawalker.com/journal-of-chemical-physics-volume-43-number-8-october-15.pdf
    • http://www.gorillawalker.com/water-operator-certification-study-guide-a-guide-to-preparing-for.pdf
    • http://www.gorillawalker.com/delivering-biodiversity-benefits-through-green-infrastructure-ciria-publication.pdf
    • http://www.gorillawalker.com/sexy-black-man-white-girl-interracial-taboo.pdf
    • http://www.gorillawalker.com/rainbows-and-banana-peels-surviving-life-s-knocks-with-grace.pdf
    • http://www.gorillawalker.com/a-p-mechanics-airframe-handbook-ac-65-15a-airframe-handbook.pdf
    • http://www.gorillawalker.com/science-learning-objectives-essential-tools-grade-4-for-use-with.pdf
    • http://www.gorillawalker.com/a-compilation-of-higher-thoughts-vol-ii-ascend-volume-2.pdf
    • http://www.gorillawalker.com/dhm-professional-level-blackjack-system-covers-tournament-blackjack-and-over.pdf
    • http://www.gorillawalker.com/school-and-community-theatre-management-a-handbook-for-survival.pdf
    • http://www.gorillawalker.com/biodiversity-response-to-climate-change-in-the-middle-pleistocene-the.pdf
    • http://www.gorillawalker.com/terraria-kindle-edition.pdf
    • http://www.gorillawalker.com/computational-chemistry-introduction-to-the-theory-and-applicatio
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/