Malicious PDF — malware analysis report

Static analysis result for SHA-256 c809ec3fb1b4ae48…

Verdict: MALICIOUS
File type: PDF
Size: 45.3 KB
Created: 2018-12-15 08:11:19 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: f6236fce1bb6f1ad0b6f64bc8941feb5
SHA-1: 96026b65abe13f81b3212d0f4610563347b8a427
SHA-256: c809ec3fb1b4ae48db6682fd0b62254f3e54a23469fa6b40db3f48151be6431e
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF carries a large number of embedded URLs pointing to external websites, flagged by the PDF_SEO_LINK_FARM heuristic; the ML classifier independently scored it as malicious (0.7914). Of the 50 extracted URLs, 41 are clickable link annotations (one is truncated in the listing) and every one of them resolves to a single host, www.gorillawalker.com, with paths that mimic book titles and end in .pdf. The remaining nine are XMP/RDF schema namespace URIs (w3.org, purl.org, ns.adobe.com, aiim.org) that are normal in PDF metadata and are not links a reader can follow; they should not be treated as indicators. That distribution in a 45.3 KB file matches the generated SEO/link-farm pattern rather than a document's citation pattern: the file is seeded into search results or spam so that users click through to the linked host, which can then route them to unwanted-software or other malicious delivery. The findings listed below contain no script, macro or JavaScript content, so the T1059.001 (PowerShell) mapping is not substantiated by the artefacts extracted here; the linked host is the actionable indicator. Note also that the producer string (Adobe PageMaker 6.5 via Acrobat Distiller 3.0) belongs to a mid-1990s toolchain while the creation timestamp is 2018-12-15, which is consistent with templated or copied document metadata rather than an authentic authoring history.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/chilton-s-triumph-motorcycle-repair-and-tune-up-guide.pdf
    • http://www.gorillawalker.com/review-of-the-st-johns-river-water-supply-impact-study.pdf
    • http://www.gorillawalker.com/that-hideous-strength-a-modern-fairy-tale-for-grown-ups.pdf
    • http://www.gorillawalker.com/entwined-forever-camelot-volume-2.pdf
    • http://www.gorillawalker.com/mastering-blocking-and-stuttering-a-cognitive-approach-to-achieving-fluency.pdf
    • http://www.gorillawalker.com/by-walter-c-willett-m-d-eat-drink-and-be.pdf
    • http://www.gorillawalker.com/the-complete-idiot-s-guide-to-raising-chickens.pdf
    • http://www.gorillawalker.com/the-it-takes-two-collection-stretchy-headband-inside-a-whole.pdf
    • http://www.gorillawalker.com/laura-ingalls-wilder-essential-lives.pdf
    • http://www.gorillawalker.com/general-motors-malibu-2004-2007-chilton-s-total-car-care.pdf
    • http://www.gorillawalker.com/earthquakes-graphic-natural-disasters.pdf
    • http://www.gorillawalker.com/the-dorling-kindersley-ultimate-visual-dictionary-1997.pdf
    • http://www.gorillawalker.com/parametric-modeling-with-nx-9.pdf
    • http://www.gorillawalker.com/sprout-bible-thirty-four-favorite-bible-stories-for-kids-sprout.pdf
    • http://www.gorillawalker.com/walk-historic-halifax-walking-guide-to-an-historic-capital-maritime.pdf
    • http://www.gorillawalker.com/rigby-pm-coleccion-individual-student-edition-magenta-basicos-magenta-mi.pdf
    • http://www.gorillawalker.com/torch-is-passed-associated-press-story-of-the-death-of.pdf
    • http://www.gorillawalker.com/navigating-banking-and-finance-law-in-the-asia-pacific-leading.pdf
    • http://www.gorillawalker.com/the-rabbi-s-knight.pdf
    • http://www.gorillawalker.com/hbr-s-10-must-reads-on-innovation-unabridged-audible-audio.pdf
    • http://www.gorillawalker.com/scaoil-leis-an-gcaid-agus-irish-edition.pdf
    • http://www.gorillawalker.com/my-afterlife-after-a-life.pdf
    • http://www.gorillawalker.com/cybernetica.pdf
    • http://www.gorillawalker.com/amc-s-best-day-hikes-along-the-maine-coast-four.pdf
    • http://www.gorillawalker.com/english-step-by-step-with-pictures.pdf
    • http://www.gorillawalker.com/anyone-can-whistle.pdf
    • http://www.gorillawalker.com/grammar-by-diagram-workbook-second-edition.pdf
    • http://www.gorillawalker.com/from-mesmer-to-christian-science-a-short-history-of-mental.pdf
    • http://www.gorillawalker.com/mae-lee-book-6-sexy-fun-asian-model-kindle-edition.pdf
    • http://www.gorillawalker.com/porn-star.pdf
    • http://www.gorillawalker.com/bible-cover-extra-large-dove-rose-deluxe-with-handle.pdf
    • http://www.gorillawalker.com/apple-muffin-recipes-kindle-edition.pdf
    • http://www.gorillawalker.com/nascar-pets-2009-calendar.pdf
    • http://www.gorillawalker.com/dangerous-waters-love-inspired-suspense.pdf
    • http://www.gorillawalker.com/opto-mechanical-systems-design-fourth-edition-two-volume-set-opto.pdf
    • http://www.gorillawalker.com/mauritius-west-pamiatka-kolekcja-kolorowych-zdjec-z-podpisami-zdjecie-albumy.pdf
    • http://www.gorillawalker.com/adriana-lecouvreur-act-i-duetto-soprano-tenor-adriana-maurizio-bassoon.pdf
    • http://www.gorillawalker.com/ki-a-practical-guide-for-westerners.pdf
    • http://www.gorillawalker.com/skullduggery-45-true-tales-of-disturbing-the-dead.pdf
    • http://www.gorillawalker.com/blundering-around-isaan-a-village-in-northeast-thailand.pdf
    • http://www.gorillawalker.com/the
    Namespace URIs from the XMP metadata stream (schema identifiers, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
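As an added example (this is not the scanner's code and not part of the report), the following Python implements the two checks the heuristics above describe: it pulls /URI actions out of link annotations, separates those clickable URLs from URLs that appear only in the body or XMP metadata (which is where the w3.org, purl.org and adobe.com namespace URIs come from), and applies a link-farm rule of the PDF_SEO_LINK_FARM shape: small file, many clickable links, most of them on one host. The sample PDF is constructed inline as test data; the hostnames farm.example, other.example and third.example and the thresholds (256 KB, 20 links, 80% single-host share) are assumptions of this example, not values from the scanner.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# URI action inside a link annotation: /A << /S /URI /URI (...) >>. The string
# group tolerates backslash escapes. This is a raw-byte triage scan: URIs kept
# as hex strings (<...>) or inside Flate-compressed object streams are missed,
# so an empty result is not a clean bill of health; decompress first for those.
_URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(((?:\\.|[^\\)])*)\)")
# Any http(s) URL anywhere in the file: body text, XMP metadata, annotations.
_ANY_URL = re.compile(rb"https?://[^\s<>\"'()\]]+")

# XMP packet carrying the kind of RDF/Dublin Core namespace URIs the report lists.
XMP = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
       b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
       b'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')


def build_sample_pdf(farm_host: str, n_farm: int, extra_urls: list[str]) -> bytes:
    """Constructed test input: one page whose link annotations point mostly at
    farm_host (an assumed placeholder). Objects are uncompressed and there is no
    xref table, which the byte-level scan below does not need."""
    urls = [f"http://{farm_host}/title-{i:02d}.pdf" for i in range(n_farm)] + list(extra_urls)
    first_annot = 5
    annot_refs = b" ".join(b"%d 0 R" % (first_annot + i) for i in range(len(urls)))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>",
        b"<< /Type /Pages /Kids [4 0 R] /Count 1 >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream" % (len(XMP), XMP),
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [%s] >>" % annot_refs,
    ]
    for i, url in enumerate(urls):
        rect = b"[72 %d 540 %d]" % (760 - 12 * i, 770 - 12 * i)
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect %s /A << /S /URI /URI (%s) >> >>"
                    % (rect, url.encode("latin-1")))
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, start=1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def _unescape(raw: bytes) -> str:
    # Undo PDF literal-string escapes such as \( \) \\ before decoding.
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def extract_link_annotation_uris(pdf: bytes) -> list[str]:
    """URLs a reader can click: the channel the link-farm rule is concerned with."""
    return [_unescape(m.group(1)) for m in _URI_ACTION.finditer(pdf)]


def classify_urls(pdf: bytes) -> tuple[list[str], list[str]]:
    """Split every URL in the file into (clickable link annotations, everything else).
    XMP schema namespaces land in the second bucket; they are not indicators."""
    clickable = set(extract_link_annotation_uris(pdf))
    seen = dict.fromkeys(m.group(0).decode("latin-1") for m in _ANY_URL.finditer(pdf))
    return sorted(clickable), [u for u in seen if u not in clickable]


def link_farm_verdict(pdf: bytes, max_size: int = 256 * 1024, min_links: int = 20,
                      min_host_share: float = 0.8) -> dict:
    """Assumed thresholds (not the scanner's): a file no larger than max_size with at
    least min_links clickable URLs, of which min_host_share or more sit on one host."""
    links = extract_link_annotation_uris(pdf)
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(links) if links else 0.0
    return {
        "size": len(pdf),
        "link_count": len(links),
        "distinct_hosts": len(hosts),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "fires": len(pdf) <= max_size and len(links) >= min_links and share >= min_host_share,
    }


if __name__ == "__main__":
    sample = build_sample_pdf("farm.example", 40,
                              ["http://other.example/a.pdf", "http://third.example/b.pdf"])
    verdict = link_farm_verdict(sample)
    clickable, other = classify_urls(sample)
    print("PDF_SEO_LINK_FARM fires:", verdict["fires"], verdict)
    print("clickable link annotations:", len(clickable), "e.g.", clickable[0])
    print("body/metadata-only URLs:", other)
```

Running it against the constructed sample reports 42 clickable links across 3 hosts with a 0.952 share on farm.example, so the rule fires, while the two XMP namespace URIs are reported separately as body/metadata-only. On a real sample, run the same logic only after inflating object streams (pdf-parser.py or pypdf can do that), since generated carriers often store the annotation dictionaries compressed; the byte-level regex alone would then under-count and the verdict would silently flip to clean.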