Malicious PDF — malware analysis report

Static analysis result for SHA-256 bae15d2e815d3b83…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-11-23 21:00:55 +03:00
Authoring application: Adobe InDesign CS5_J (7.0.4) (via Acrobat Distiller 9.5.0 (Windows))
MD5: 0a06506c9f14c7aa72bdd9a5b9b6a825
SHA-1: 3b1c69c808f27dee9813e7c370c040fdb1d22803
SHA-256: bae15d2e815d3b835d8afe783e3c99f7db2c44a1e91db7532c5d805cc1de0b5c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files, indicative of a link farm or SEO poisoning attack. The primary purpose appears to be to distribute or redirect to other malicious content through these numerous links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.