Malicious PDF — malware analysis report

Static analysis result for SHA-256 dbde75adf500eb1e…

Verdict: MALICIOUS
File type: PDF

Size: 43.9 KB
Created: 2018-12-02 20:17:47 +03:00
Authoring application: - (produced via Acrobat Distiller 7.0 (Windows))
MD5: be2570c6e235d6e024cdc3f781a97323
SHA-1: 9704c541acaeae86b99cd5639bfa22b5d7c1c7db
SHA-256: dbde75adf500eb1ed8a0bb1b3b4a02f3ecf42c38fbd13230c11593a8c9058b22
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF is small (43.9 KB) yet carries a large number of clickable link annotations pointing to external PDF files, all of them on a single host (www.gorillawalker.com); this pattern triggered the critical PDF_SEO_LINK_FARM heuristic, and the Nyx PDF classifier independently scored the document as malicious (0.9171). The document matches a generated SEO/link-farm carrier whose purpose is to manipulate search results and route users into further download chains, rather than a direct exploit of the reader. No scripts (for example PDF JavaScript) were extracted, so the static artifacts show no code-execution capability; in particular, the T1059.001 (PowerShell) mapping is not backed by any extracted script in this result and should be read as a generic behaviour-level tag for the delivery chain rather than an observed capability of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/entrance-fan-painting-class-amazed-gouache-portrait-paperback.pdf
    • http://www.gorillawalker.com/philosophical-perspectives-on-teacher-education-journal-of-philosophy-of-education.pdf
    • http://www.gorillawalker.com/horticultural-therapy-a-guide-for-all-seasons.pdf
    • http://www.gorillawalker.com/c-mo-vivir-120-a-os-de-la-utop-a.pdf
    • http://www.gorillawalker.com/journey-to-the-volcano-palace-the-secrets-of-droon-book.pdf
    • http://www.gorillawalker.com/wind-energy-handbook-by-burton-tony-jenkins-nick-sharpe-david.pdf
    • http://www.gorillawalker.com/an-all-consuming-century-why-commercialism-won-in-modern-america.pdf
    • http://www.gorillawalker.com/functional-neuroanatomy-of-the-brain-first-part.pdf
    • http://www.gorillawalker.com/the-ship-that-wouldn-t-die-the-saga-of-the.pdf
    • http://www.gorillawalker.com/free-will-baptist-doctrines.pdf
    • http://www.gorillawalker.com/a-sculptor-s-testimony-in-bronze-and-stone-the-sacred.pdf
    • http://www.gorillawalker.com/baedeker-s-turkey-aa-baedeker-s-maps.pdf
    • http://www.gorillawalker.com/michelin-the-green-guide-hollande-3e.pdf
    • http://www.gorillawalker.com/mighty-men-of-valor-with-charlie-company-on-hill-714.pdf
    • http://www.gorillawalker.com/alfred-the-big-easy-mandolin-tab-songbook.pdf
    • http://www.gorillawalker.com/christheart-a-way-of-knowing-jesus.pdf
    • http://www.gorillawalker.com/grow-it-heal-it-natural-and-effective-herbal-remedies-from.pdf
    • http://www.gorillawalker.com/the-comparative-study-bible-a-parallel-bible-presenting-the-niv.pdf
    • http://www.gorillawalker.com/one-flew-over-the-cuckoo-s-nest-easton-press.pdf
    • http://www.gorillawalker.com/integrated-fish-farming.pdf
    • http://www.gorillawalker.com/religions-of-the-world-6-volumes-a-comprehensive-encyclopedia-of.pdf
    • http://www.gorillawalker.com/mis-juegos-paradojas-y-acertijos-favoritos-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/look-at-the-child-an-expression-of-maria-montessori-s.pdf
    • http://www.gorillawalker.com/how-to-homeschool-a-practical-approach.pdf
    • http://www.gorillawalker.com/el-se-or-de-los-malditos-saga-los-eternos-n.pdf
    • http://www.gorillawalker.com/basic-spanish-for-getting-along-text-with-in-text-audio.pdf
    • http://www.gorillawalker.com/acoustic-rock-riffs-authentic-guitar-tab-edition-book-and-cd.pdf
    • http://www.gorillawalker.com/good-boats.pdf
    • http://www.gorillawalker.com/a-lighter-shade-of-blue-weird-wild-and-wacky-cop.pdf
    • http://www.gorillawalker.com/ohio-medicaid-expands-medication-assisted-addiction-treatment-policies-open-minds.pdf
    • http://www.gorillawalker.com/stripped-paddled-and-bound-a-nearly-free-gay-bdsm-voluntary.pdf
    • http://www.gorillawalker.com/arms-and-legs-fingers-and-toes-my-world-bobbie-kalman.pdf
    • http://www.gorillawalker.com/graphics-for-engineers-with-autocad-2002-6th-edition.pdf
    • http://www.gorillawalker.com/non-functional-requirements-in-software-engineering-international-series-in-software.pdf
    • http://www.gorillawalker.com/nanocomposite-membrane-technology-fundamentals-and-applications.pdf
    • http://www.gorillawalker.com/a-voyage-to-terra-australis-undertaken-in-the-years-1801.pdf
    • http://www.gorillawalker.com/workbookfor-hartman-s-nursing-assistantcare-2nd-second-edition-bypublishing.pdf
    • http://www.gorillawalker.com/children-s-book-in-polish-my-daddy-is-the-best.pdf
    • http://www.gorillawalker.com/parenting-with-stories-creating-a-foundation-of-attachment-for-parenting.pdf
    • http://www.gorillawalker.com/japanese-literature-including-selections-from-genji-monogatari-and-classical-poetry.pdf
    • http://www.gorillawalker.com/a
    The remaining nine entries are XMP/RDF schema namespace identifiers (RDF, Dublin Core, XMP, Adobe PDF, XMP Media Management and PDF/A extension schemas) of the kind declared in a PDF's metadata packet. They are not clickable link targets and are standard metadata boilerplate; they carry no detection weight and should not be counted toward the link-farm pattern:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
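As an added, illustrative example (not the vendor's detector and not code from this report), the following Python reproduces the two ideas behind the heuristics above: labelling each extracted URL with the channel that reached it (a clickable /Link annotation versus an xmlns namespace declaration in the XMP metadata packet), and the PDF_SEO_LINK_FARM logic, i.e. a small file whose clickable links are mostly external .pdf URLs clustered on one host. The thresholds (100 KB, 10 links, 80% host share), the off-host link https://example.com/reference.pdf and the constructed sample PDF are assumptions; the nine www.gorillawalker.com paths are copied from the URL list above. The extractor only looks at uncompressed objects, so a production scanner would inflate FlateDecode streams first.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Channel 1: /URI actions of /Link annotations, i.e. what a reader can click.
# Channel 2: xmlns declarations in an XMP metadata packet: schema identifiers,
# never clickable. Both regexes only see uncompressed objects; a real scanner
# must inflate /FlateDecode streams first (assumption, see lead-in).
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def extract_urls(pdf_bytes):
    """Return [(channel, url), ...] so every URL carries the channel that reached it."""
    found = [("link_annotation", m.group(1).decode("latin-1"))
             for m in URI_ACTION_RE.finditer(pdf_bytes)]
    found += [("xmp_namespace", m.group(1).decode("latin-1"))
              for m in XMLNS_RE.finditer(pdf_bytes)]
    return found


def seo_link_farm_check(pdf_bytes, max_size=100 * 1024, min_links=10, min_host_share=0.8):
    """Illustrative re-implementation of the PDF_SEO_LINK_FARM idea: a small file
    whose clickable links are mostly external .pdf URLs clustered on one host.
    Only link-annotation URLs count; metadata namespaces are ignored.
    The thresholds are assumptions, not the vendor's."""
    links = [u for ch, u in extract_urls(pdf_bytes) if ch == "link_annotation"]
    ext_pdf = [u for u in links
               if urlparse(u).scheme in ("http", "https")
               and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc.lower() for u in ext_pdf)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(ext_pdf) if ext_pdf else 0.0
    return {
        "hit": (len(pdf_bytes) <= max_size and len(ext_pdf) >= min_links
                and share >= min_host_share),
        "size": len(pdf_bytes),
        "external_pdf_links": len(ext_pdf),
        "top_host": top_host,
        "top_host_share": round(share, 3),
    }


def _pdf_string(s):
    """Escape a str into the body of a PDF literal string."""
    return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")


def build_sample_pdf(link_urls):
    """Constructed, uncompressed one-page PDF with one /Link annotation per URL plus
    an XMP packet declaring two namespaces. Test input only, NOT the analysed sample."""
    xmp = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"></rdf:RDF>')
    annots = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(link_urls)))
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + annots + b"] >>",
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
        + xmp + b"\nendstream",
    ]
    for i, url in enumerate(link_urls):
        rect = b"[50 %d 300 %d]" % (700 - 20 * i, 715 - 20 * i)
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect " + rect
                    + b" /A << /S /URI /URI (" + _pdf_string(url) + b") >> >>")
    body = b"".join(b"%d 0 obj\n" % (n + 1) + o + b"\nendobj\n" for n, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Nine link targets copied from the report's URL list plus one constructed
# off-host link (example.com), so the host-clustering ratio (9/10) is exercised.
SAMPLE_LINKS = [
    "http://www.gorillawalker.com/horticultural-therapy-a-guide-for-all-seasons.pdf",
    "http://www.gorillawalker.com/free-will-baptist-doctrines.pdf",
    "http://www.gorillawalker.com/good-boats.pdf",
    "http://www.gorillawalker.com/integrated-fish-farming.pdf",
    "http://www.gorillawalker.com/how-to-homeschool-a-practical-approach.pdf",
    "http://www.gorillawalker.com/michelin-the-green-guide-hollande-3e.pdf",
    "http://www.gorillawalker.com/functional-neuroanatomy-of-the-brain-first-part.pdf",
    "http://www.gorillawalker.com/christheart-a-way-of-knowing-jesus.pdf",
    "http://www.gorillawalker.com/baedeker-s-turkey-aa-baedeker-s-maps.pdf",
    "https://example.com/reference.pdf",
]


def demo():
    """Build the constructed sample and return (labelled URLs, heuristic verdict)."""
    pdf = build_sample_pdf(SAMPLE_LINKS)
    return extract_urls(pdf), seo_link_farm_check(pdf)


if __name__ == "__main__":
    urls, verdict = demo()
    for channel, url in urls:
        print(f"{channel:16} {url}")
    print(verdict)
```

Running it lists the two XMP namespaces under the xmp_namespace channel and the ten link targets under link_annotation, and the verdict dict reports the hit with www.gorillawalker.com holding 90% of the external .pdf links. Ten links spread over ten different hosts (a normal citation pattern) fail the host-share threshold and do not trigger, which is the distinction the heuristic description draws.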