Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca72fafe11850339…

Verdict: MALICIOUS
File type: PDF
Size: 32.7 KB
Created: 2020-01-10 17:21:18 +03:00
Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.02)
MD5: 0a2b5d5ec84ad31a46c688c1898d648a
SHA-1: 8a2c779b9a8c3b2da9ec88a3a4706f6b6c3cfd8c
SHA-256: ca72fafe11850339dcce19923cb0070915d5710da903c39a41e6fda987c0f949
Risk score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment. No execution technique is mapped: the static analysis extracted no scripts from this sample, so a T1059.001 (PowerShell) mapping is not supported by the evidence in this report.

The PDF was flagged by the Nyx machine-learning classifier (malicious score 0.8529) and by the PDF_SEO_LINK_FARM heuristic, which fires when a small document (here 32.7 KB) carries a large number of clickable external links to PDF files that cluster on a single host, in this case www.gorillawalker.com. The heuristic counted 32 external links; the URL extractor lists 40 distinct gorillawalker.com URLs in total, plus nine XMP/RDF namespace URIs taken from the document metadata, which are schema identifiers rather than links. No scripts were extracted, so the verdict rests on the link-farm pattern and the classifier score, not on any exploit or active content: documents of this shape are generated SEO carriers whose purpose is to route users who click through into unwanted-software or further delivery chains, or to manipulate search ranking for the target host. The producer strings (PSCRIPT.DRV 4.0 via Acrobat Distiller 3.02) name a toolchain far older than the 2020 creation timestamp, which is consistent with generated documents that copy template metadata. Treat the linked URLs as indicators to block or monitor rather than as confirmed payloads; static analysis does not fetch them.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    External link targets (40 distinct URLs, all on www.gorillawalker.com):
    • http://www.gorillawalker.com/the-limits-of-morality-oxford-ethics.pdf
    • http://www.gorillawalker.com/music-for-piano-three-mendelssohn-songs-without-words-grade-6.pdf
    • http://www.gorillawalker.com/student-instrumental-course-tunes-for-flute-technic-level-one.pdf
    • http://www.gorillawalker.com/i-m-bound-for-the-promised-land-chris-wommack-satb.pdf
    • http://www.gorillawalker.com/micky-flanagan-funny-geezer.pdf
    • http://www.gorillawalker.com/microsoft-74-678-exam-preparation-guide-lessons-in-licensing.pdf
    • http://www.gorillawalker.com/take-me-hard-four-ever-more-book-7.pdf
    • http://www.gorillawalker.com/the-puzzle-lady-vs-the-sudoku-lady-thorndike-mystery.pdf
    • http://www.gorillawalker.com/the-fortunes-of-africa-a-5000-year-history-of-wealth.pdf
    • http://www.gorillawalker.com/the-heart-of-the-game-the-tavonesi-series-volume-6.pdf
    • http://www.gorillawalker.com/building-levels-in-unity.pdf
    • http://www.gorillawalker.com/electricity-and-thermal-physics-nelson-advanced-science-physics.pdf
    • http://www.gorillawalker.com/nutrition-science-and-applications-brv-with-booklet-package-with-binder.pdf
    • http://www.gorillawalker.com/the-great-escape-from-city-zoo.pdf
    • http://www.gorillawalker.com/how-to-paint-a-car-in-a-weekend-learn-to.pdf
    • http://www.gorillawalker.com/ambush-at-cisco-swamp-robert-irwin-dinosaur-hunter.pdf
    • http://www.gorillawalker.com/skeleton-savagery-black-white-creeper-combat-series-volume-4.pdf
    • http://www.gorillawalker.com/international-law-and-the-future-of-freedom.pdf
    • http://www.gorillawalker.com/soulmates-dissipate.pdf
    • http://www.gorillawalker.com/alleviating-the-side-effects-of-cancer-treatment-2nd-edition.pdf
    • http://www.gorillawalker.com/there-s-something-wrong-with-the-taj-mahal.pdf
    • http://www.gorillawalker.com/etiquette-kindle-edition.pdf
    • http://www.gorillawalker.com/police-in-africa-the-street-level-view.pdf
    • http://www.gorillawalker.com/drum-programming-a-complete-guide-to-program-and-think-like.pdf
    • http://www.gorillawalker.com/formula-one-racing-inside-the-speedway.pdf
    • http://www.gorillawalker.com/r-3-authorization-made-easy-4-6a-b.pdf
    • http://www.gorillawalker.com/heidi-heckelbeck-4-in-1-heidi-heckelbeck-gets-glasses-heidi.pdf
    • http://www.gorillawalker.com/gram-gram-yeongmunbeob-wonjeongdae-15-korean-edition.pdf
    • http://www.gorillawalker.com/design-of-enterprise-systems-theory-architecture-and-methods-print-replica.pdf
    • http://www.gorillawalker.com/norse-mythology-a-to-z-mythology-a-to-z-series.pdf
    • http://www.gorillawalker.com/organizational-ethics-a-practical-approach.pdf
    • http://www.gorillawalker.com/kuwait-political-agency-13-volume-set-arabic-documents-1899-1949.pdf
    • http://www.gorillawalker.com/an-introduction-to-geographic-information-technology.pdf
    • http://www.gorillawalker.com/slayer.pdf
    • http://www.gorillawalker.com/mcgraw-hill-s-conquering-the-toefl-listening-section-for-your.pdf
    • http://www.gorillawalker.com/chekhov-the-vaudevilles-and-other-short-works-great-translations-for.pdf
    • http://www.gorillawalker.com/the-cloud-of-glory-is-moving.pdf
    • http://www.gorillawalker.com/lpi-linux-certification-in-a-nutshell-in-a-nutshell-o.pdf
    • http://www.gorillawalker.com/early-tahiti-as-the-explorers-saw-it-1767-1797.pdf
    • http://www.gorillawalker.com/exercise-and-osteoporosis-current-issues-in-exercise-science-series.pdf
    XMP metadata namespace URIs (schema identifiers from the document's metadata packet, not clickable links):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
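The PDF_SEO_LINK_FARM heuristic above combines three observations: a small file, many clickable external links, and one dominant host, while the XMP namespace URIs must be kept out of the link count. The following Python is an added example of that logic and is neither the vendor's detection code nor part of this report. It scans raw PDF bytes, inflates FlateDecode streams so that /Link annotations packed into object streams are still seen, separates /URI action targets from xmlns declarations, and applies the three conditions. The thresholds (200 KB, 20 links, 80 % host share), the object numbering in the sample writer, and the SAMPLE_URLS/BENIGN_URLS inputs are assumptions; the sample PDF is constructed inside the block and is not the analysed file.

```python
"""Added example: raw-byte implementation of a PDF_SEO_LINK_FARM-style check.
Thresholds and sample data are illustrative assumptions, not the vendor's."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# /URI action string inside a /Link annotation: the clickable target.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# xmlns declarations in the XMP packet: schema identifiers, not links.
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9]+="([^"]+)"')
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def searchable_views(pdf_bytes):
    """Raw bytes plus every stream that inflates as zlib/FlateDecode, so that
    annotations packed into compressed object streams are not missed."""
    views = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            views.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed or non-Flate stream: already covered by the raw view
    return views


def extract_link_uris(pdf_bytes):
    """Distinct /URI targets, in order of first appearance."""
    found = []
    for view in searchable_views(pdf_bytes):
        for m in URI_RE.finditer(view):
            uri = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")").decode("latin-1")
            if uri not in found:
                found.append(uri)
    return found


def extract_xmp_namespaces(pdf_bytes):
    """Namespace URIs declared in XMP metadata; these are never counted as links."""
    found = set()
    for view in searchable_views(pdf_bytes):
        found.update(m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(view))
    return sorted(found)


def seo_link_farm_verdict(pdf_bytes, max_size=200 * 1024, min_links=20, min_host_share=0.8):
    """Small file + many external http(s) links + one dominant host => hit.
    The three thresholds are assumptions for illustration."""
    external = [u for u in extract_link_uris(pdf_bytes) if urlsplit(u).scheme in ("http", "https")]
    hosts = Counter((urlsplit(u).hostname or "").lower() for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(external) if external else 0.0
    return {
        "size": len(pdf_bytes),
        "external_links": len(external),
        "pdf_targets": sum(1 for u in external if urlsplit(u).path.lower().endswith(".pdf")),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "xmp_namespaces": len(extract_xmp_namespaces(pdf_bytes)),
        "PDF_SEO_LINK_FARM": len(pdf_bytes) <= max_size and len(external) >= min_links and share >= min_host_share,
    }


def build_sample_pdf(urls):
    """Constructed sample (not the analysed file): one page whose /Link annotations
    sit in a FlateDecode object stream, plus an XMP packet. The cross-reference
    table is omitted because the detector reads raw bytes and never needs it."""
    first = 5  # object number of the first annotation (assumption)
    annots = [b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI (%s) >> >>" % u.encode()
              for u in urls]
    offsets, body, pos = [], [], 0
    for i, a in enumerate(annots):
        offsets.append(b"%d %d" % (first + i, pos))
        body.append(a)
        pos += len(a) + 1
    hdr = b" ".join(offsets) + b"\n"
    packed = zlib.compress(hdr + b"\n".join(body) + b"\n")
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>'
           b"</rdf:RDF></x:xmpmeta>")
    refs = b" ".join(b"%d 0 R" % (first + i) for i in range(len(annots)))
    objs = {
        1: b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        2: b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        3: b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [%s] >>" % refs,
        4: b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream" % (len(xmp), xmp),
        first + len(annots): b"<< /Type /ObjStm /N %d /First %d /Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream"
        % (len(annots), len(hdr), len(packed), packed),
    }
    out = b"%PDF-1.5\n" + b"".join(b"%d 0 obj\n%s\nendobj\n" % (n, objs[n]) for n in sorted(objs))
    return out + b"%%EOF\n"


# Constructed inputs: the host from the report with synthetic paths, and a benign control.
SAMPLE_URLS = ["http://www.gorillawalker.com/sample-title-%02d.pdf" % i for i in range(40)]
BENIGN_URLS = ["https://example.org/paper.pdf", "https://example.net/slides.pdf", "https://example.com/"]

if __name__ == "__main__":
    for name, urls in (("link-farm sample", SAMPLE_URLS), ("benign sample", BENIGN_URLS)):
        print(name, seo_link_farm_verdict(build_sample_pdf(urls)))
```

Against the constructed link-farm sample the verdict dictionary reports 40 external links, a single top host with share 1.0, and four XMP namespaces that were not counted; the three-link control stays below the link threshold and does not fire. Run the same functions over a real file by reading it as bytes and passing them to seo_link_farm_verdict; a PDF whose annotations use a filter other than FlateDecode, or encrypted strings, would need a full parser rather than this regex scan.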