Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2390d51a29bf920…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-12-09 22:50:07 +03:00
Authoring application: FrameMaker 6.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: c066594ac644ba6a9e049739bd16f6c1
SHA-1: 384e01e4742be6f9d1889f8dd7f4e0608fe65307
SHA-256: c2390d51a29bf9208b489cf06725f25152a5d484b8c5366d21730ddd3cfe121b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The heuristic 'PDF_SEO_LINK_FARM' specifically identifies the mass linking to external PDF files. While no scripts were extracted, the sheer volume of links suggests a malicious intent to drive traffic or host further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.