Malicious PDF — malware analysis report

Static analysis result for SHA-256 d737d0536f2f5dd6…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2019-04-06 14:53:59 +03:00
Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.02)
MD5: 923cf364c4868c57fa8cf9d5a5bdee58
SHA-1: 434d6cae77e55135e70bca74243b00f6b842a417
SHA-256: d737d0536f2f5dd61cc5419c3b3ba945d23cb10f1fd6ca0663b46dab92950de5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a large number of external links, specifically a link farm. The ML classifier also indicated a high probability of maliciousness. The document body contains obfuscated text and embedded URLs pointing to a single domain, suggesting a coordinated effort to redirect users. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.