Malicious PDF — malware analysis report

Static analysis result for SHA-256 c7d39c00b949e966…

MALICIOUS

PDF

Size: 40.2 KB
Created: 2018-11-30 01:48:46 +03:00
Authoring application: Acrobat PDFMaker 9.1 for Word (via Adobe PDF Library 9.0)
MD5: bee5f75786f7391d01985e4bef332873
SHA-1: a9ce02f29495bbb54c669e540dcd078741e6b62d
SHA-256: c7d39c00b949e9667c57d14b5d134692d866bb56f54213a058f70378bfd33fe7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external PDF links. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to link to numerous external PDFs, suggesting a tactic to manipulate search engine results or distribute content from a large, potentially malicious, link farm. No scripts were extracted from this sample, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.