Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd0355ccfa29c4ec…

Verdict: MALICIOUS
File type: PDF

Size: 41.8 KB
Created: 2018-11-15 19:36:19 +03:00
Authoring application: - (via ProcessText Group)
MD5: fd3bf82b972a936fadb0588e8525bdaa
SHA-1: e9e959f651ba299fe92d315e0fad3bfecd75fbe3
SHA-256: bd0355ccfa29c4ec68faf61e676801c0bfe4131e0281f6185c60b9ea2a40e82b
Risk score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF carries a large number of link annotations pointing to external PDF files, almost all on a single host, which triggered the PDF_SEO_LINK_FARM heuristic; the ML classifier independently scored the file as malicious. The most likely role of the file is an SEO/link-farm carrier that routes users into malicious or unwanted-software delivery chains rather than delivering a payload itself. No scripts were extracted, so the delivery mechanism past the first hop cannot be determined from static analysis alone, and the T1059.001 (PowerShell) ATT&CK mapping above is not supported by any extracted content; treat it as unconfirmed until the linked URLs are analysed.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the w3.org, purl.org, ns.adobe.com and aiim.org entries at the end of this list are standard XMP/PDF-A namespace identifiers taken from the document's metadata, not clickable links, and carry no indicator value on their own.
    • http://www.gorillawalker.com/disaster-at-the-pole-the-crash-of-the-airship-italia.pdf
    • http://www.gorillawalker.com/experiencing-jazz-online-access-to-music-token.pdf
    • http://www.gorillawalker.com/lin-and-the-red-stranger-kindle-edition.pdf
    • http://www.gorillawalker.com/mary-ann-shadd-cary-the-black-press-and-protest-in.pdf
    • http://www.gorillawalker.com/channel-islands-national-park-east-anacapa-island-a-photographic-extravaganza.pdf
    • http://www.gorillawalker.com/love-your-sister-kindle-edition.pdf
    • http://www.gorillawalker.com/dangerous-women-outlander-series.pdf
    • http://www.gorillawalker.com/brightred-study-guide-cfe-advanced-higher-chemistry.pdf
    • http://www.gorillawalker.com/firecracker.pdf
    • http://www.gorillawalker.com/legal-aspects-of-health-care-administration-student-case-law-resource.pdf
    • http://www.gorillawalker.com/joe-dollar-the-gambler-and-his-adventures-kindle-edition.pdf
    • http://www.gorillawalker.com/lsat-practice-questions-first-set-lsat-practice-test-exam-review.pdf
    • http://www.gorillawalker.com/having-nathan-s-baby-having-his-baby-book-1-kindle.pdf
    • http://www.gorillawalker.com/computers-teachers-peers-science-learning-partners.pdf
    • http://www.gorillawalker.com/archie-the-married-life-book-5-the-married-life-series.pdf
    • http://www.gorillawalker.com/state-capitalism-institutional-adaptation-and-the-chinese-miracle-comparative-perspectives.pdf
    • http://www.gorillawalker.com/van-gogh-project-book-sunflowers-and-irises-journal-large-notebook.pdf
    • http://www.gorillawalker.com/breathing-webster-s-specialty-crossword-puzzles-volume-1-the-essentials.pdf
    • http://www.gorillawalker.com/cingular-and-microsoft-deploy-windows-mobile-based-devices-an-article.pdf
    • http://www.gorillawalker.com/beowulf-manchester-medieval-classics.pdf
    • http://www.gorillawalker.com/upstream-a-voyage-on-the-connecticut-river.pdf
    • http://www.gorillawalker.com/reflexologia-de-la-mano-spanish-edition.pdf
    • http://www.gorillawalker.com/belize-a-concise-history-belize.pdf
    • http://www.gorillawalker.com/music-therapy-an-art-beyond-words.pdf
    • http://www.gorillawalker.com/essential-italian-berlitz-essentials-italian-edition-english-and-italian-edition.pdf
    • http://www.gorillawalker.com/maid-laid-bare-maid-for-service-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/homeland-security-and-terrorism-readings-and-interpretations-the-mcgraw-hill.pdf
    • http://www.gorillawalker.com/cyber-rules-strategies-for-excelling-at-e-business.pdf
    • http://www.gorillawalker.com/college-algebra-essentials-8th-edition.pdf
    • http://www.gorillawalker.com/office-ladies-factory-women-life-and-work-at-a-japanese.pdf
    • http://www.gorillawalker.com/judas-maccabaeus-hallelujah-amen-keyboard-or-orchestra-choral-sheet-music.pdf
    • http://www.gorillawalker.com/quinze-etudes-de-rythme-pour-trombone-fifteen-rhythmical-studies-for.pdf
    • http://www.gorillawalker.com/johnny-dongle-s-absolutely-true-spine-tingling-sexcapades-vol-2.pdf
    • http://www.gorillawalker.com/higher-level-chemistry-pearson-baccalaureate-developed-specifically-for-the-ib.pdf
    • http://www.gorillawalker.com/wasted-talents.pdf
    • http://www.gorillawalker.com/beyond-the-golden-rule-a-jewish-perspective-on-dialogue-and.pdf
    • http://www.gorillawalker.com/starboard-wine.pdf
    • http://www.gorillawalker.com/coming-undone-a-brown-family-novel.pdf
    • http://www.gorillawalker.com/unhidden-the-gatekeeper-chronicles-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/an-introduction-to-chaotic-dynamical-systems-2nd-edition-studies-in.pdf
    • http://www.gorillawalker
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
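Both heuristics above can be reproduced from the raw bytes of a PDF. The script below is an added example, not the analysis platform's code: it labels every extracted URL by the channel that carried it (link annotation, XMP metadata stream, or other document text, the distinction the EMBEDDED_URL note refers to) and then applies a PDF_SEO_LINK_FARM-style test (small file, many clickable external .pdf links, most of them on one host). The thresholds, the channel names, the `example.invalid` hosts and the hand-assembled sample PDFs are assumptions for illustration and do not describe the analysed sample.

```python
"""Added example: per-channel URL extraction from a PDF plus a
PDF_SEO_LINK_FARM-style test. Thresholds, channel names and the sample
PDFs are assumptions, not the report's own logic or data."""
import re
from collections import Counter
from urllib.parse import urlparse

# Channel labels (assumed names, mirroring the report's per-URL labels)
LINK_ANNOTATION = "link_annotation"   # /Annot /Subtype /Link with a /URI action
XMP_METADATA = "xmp_metadata"         # xmlns URIs inside the /Metadata XMP stream
DOCUMENT_BODY = "document_body"       # any other URL in the raw bytes

LINK_OBJ_RE = re.compile(rb"/Subtype\s*/Link.*?endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")   # literal strings only; hex/escaped forms not handled
META_RE = re.compile(rb"/Type\s*/Metadata.*?stream\s*(.*?)endstream", re.S)
ANY_URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")


def extract_urls(pdf):
    """Return [(url, channel)] with one label per distinct URL.

    Scans raw bytes only: FlateDecode streams and object streams are not
    inflated here, so a real analyser must decode those first."""
    found = {}
    for m in LINK_OBJ_RE.finditer(pdf):                     # clickable links first
        for u in URI_RE.findall(m.group(0)):
            found.setdefault(u.decode("latin-1"), LINK_ANNOTATION)
    for m in META_RE.finditer(pdf):                         # then XMP namespaces
        for u in ANY_URL_RE.findall(m.group(1)):
            found.setdefault(u.decode("latin-1"), XMP_METADATA)
    for u in ANY_URL_RE.findall(pdf):                       # everything else
        found.setdefault(u.decode("latin-1"), DOCUMENT_BODY)
    return sorted(found.items())


def seo_link_farm(pdf, min_pdf_links=20, min_top_host_share=0.8, max_size=256 * 1024):
    """PDF_SEO_LINK_FARM-style test: small file, many clickable .pdf links,
    most of them on one host. All three thresholds are assumptions."""
    urls = extract_urls(pdf)
    pdf_links = [u for u, ch in urls
                 if ch == LINK_ANNOTATION and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc.lower() for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    hit = (len(pdf) <= max_size and len(pdf_links) >= min_pdf_links
           and share >= min_top_host_share)
    return {"size": len(pdf), "pdf_links": len(pdf_links), "top_host": top_host,
            "top_host_share": round(share, 3), "hit": hit, "urls": urls}


def build_sample_pdf(link_urls, xmp_namespaces):
    """Hand-assembled PDF (constructed test input). No xref table is written,
    so it is good for raw scanning but will not open cleanly in a viewer."""
    objs = ["1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>\nendobj\n",
            "2 0 obj\n<< /Type /Pages /Kids [4 0 R] /Count 1 >>\nendobj\n"]
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           + " ".join(f'xmlns:ns{i}="{ns}"' for i, ns in enumerate(xmp_namespaces))
           + "/></x:xmpmeta>")
    objs.append(f"3 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
                f"stream\n{xmp}\nendstream\nendobj\n")
    refs = []
    for i, u in enumerate(link_urls):                       # one link annotation per URL
        num = 5 + i
        refs.append(f"{num} 0 R")
        objs.append(f"{num} 0 obj\n<< /Type /Annot /Subtype /Link "
                    f"/Rect [72 {700 - 12 * i} 400 {712 - 12 * i}] "
                    f"/A << /S /URI /URI ({u}) >> >>\nendobj\n")
    objs.append(f"4 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                f"/Annots [{' '.join(refs)}] >>\nendobj\n")
    body = "%PDF-1.4\n% generated by http://gen.example.invalid/pdfgen\n"   # body-channel URL
    return (body + "".join(objs) + "trailer\n<< /Root 1 0 R >>\n%%EOF\n").encode("latin-1")


FARM_HOST = "http://links.example.invalid"                  # hypothetical host
BENIGN_NAMESPACES = ("http://www.w3.org/1999/02/22-rdf-syntax-ns#",
                     "http://purl.org/dc/elements/1.1/",
                     "http://ns.adobe.com/xap/1.0/")


def farm_sample():
    """23 .pdf links on one host, one non-.pdf link, one off-host .pdf link."""
    urls = [f"{FARM_HOST}/book-{i:02d}.pdf" for i in range(23)]
    urls.append(f"{FARM_HOST}/index.html")
    urls.append("http://other.example.invalid/paper.pdf")
    return build_sample_pdf(urls, BENIGN_NAMESPACES)


def citation_sample():
    """Three .pdf links on three different hosts: a normal citation pattern."""
    return build_sample_pdf([f"http://host{i}.example.invalid/ref-{i}.pdf" for i in range(3)],
                            BENIGN_NAMESPACES)


if __name__ == "__main__":
    for name, sample in (("farm", farm_sample()), ("citations", citation_sample())):
        r = seo_link_farm(sample)
        print(name, {k: v for k, v in r.items() if k != "urls"})
        for u, ch in r["urls"]:
            print("   ", ch, u)
```

Running the script prints a hit for the farm sample and a miss for the citation sample, with the three XMP namespace URIs labelled `xmp_metadata` in both. On real files, run the extractor over inflated objects (the output of a PDF parser) rather than the raw bytes, and extend `URI_RE` to handle hex strings and escaped parentheses before relying on the link count.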