Malicious PDF — malware analysis report

Static analysis result for SHA-256 d427a0ba534c7a6e…

MALICIOUS

PDF

Size: 39.4 KB
Created: 2018-11-30 20:34:10 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: e8fb1f97d4aba16a1917521559da71e1
SHA-1: c3eca9b8f9e4e6e68c5a512f58de3be36e80db3b
SHA-256: d427a0ba534c7a6eb3576c259433a516f65f2f196b9ee522f975afdc57baff0f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content through numerous external links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.