Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5a3124a8a2115ed…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2019-03-17 06:51:57 +03:00
Authoring application: Adobe InDesign CS5 (7.0.4) (via Adobe PDF Library 9.9)
MD5: da1fbec9d061644b6640c6408b67223b
SHA-1: be50ccdef45de5decf0061acb477ee5332f44afc
SHA-256: c5a3124a8a2115edb680c13b14224584d38b5a1fab2b4eed0cc21ce6810dec52
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment; T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or a method to distribute malicious content. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to PDFs on a single domain points towards an attempt to manipulate search engine results or host potentially harmful documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.