Malicious PDF — malware analysis report

Static analysis result for SHA-256 d7a459f7740a17fa…

MALICIOUS

PDF

Size: 44.6 KB
Created: 2018-12-02 20:18:44 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: a028d1723a11f727823100c3367796a1
SHA-1: 800405e871af05acad7fe79a1ff530dc1e748ee8
SHA-256: d7a459f7740a17faf01ba6a3368e7cc3f43fcd2d941279084926687ddf15721e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential SEO poisoning or content distribution attack. The embedded URLs point to various documents on the same domain, suggesting a link farm or a method to spread malicious links. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.