Malicious PDF — malware analysis report

Static analysis result for SHA-256 c6cd1739ff63275a…

MALICIOUS

PDF

Size: 40.7 KB
Created: 2018-12-07 18:27:21 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Acrobat Distiller 9.5.3 (Macintosh))
MD5: cd3c26c05371e178da348f18939d5857
SHA-1: a1bc09f358a119680f7e1bf943a5b194ddce0abc
SHA-256: c6cd1739ff63275adb93c7112f5944b6e66e574dc5af5027669c09634ee115b8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or content distribution network for potentially malicious documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.