Malicious PDF — malware analysis report

Static analysis result for SHA-256 deda58d8d85c9f98…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2018-12-15 20:08:14 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 8.0.0 (Windows))
MD5: 60ac84510b9d88efd26a2ab950b1ee64
SHA-1: d49beb7e35a2c9980f4a6a7b025fcac9f84fc364
SHA-256: deda58d8d85c9f98612ffd14f8efdb1378db29749d72cda9c5c85cd43d26aff6
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or redirection tactic. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/excel-formulas-that-automate-tasks-you-no-longer-have-time.pdf
    • http://www.gorillawalker.com/advances-in-planetary-geology-nasa-technical-memorandum.pdf
    • http://www.gorillawalker.com/disposition-of-toxic-drugs-chemicals-in-man.pdf
    • http://www.gorillawalker.com/the-goldwatcher-demystifying-gold-investing.pdf
    • http://www.gorillawalker.com/physics-for-scientists-and-engineers-extended-version-vol-1-2nd.pdf
    • http://www.gorillawalker.com/perspectives-on-ramakrishna-vivekananda-vedanta-tradition.pdf
    • http://www.gorillawalker.com/bible-for-women-being-blessed-journaling-bible-for-women.pdf
    • http://www.gorillawalker.com/shattered-secrets-in-the-shadow-of-the-wolf-1.pdf
    • http://www.gorillawalker.com/complete-astro-medical-index.pdf
    • http://www.gorillawalker.com/how-steam-locomotives-really-work-kindle-edition.pdf
    • http://www.gorillawalker.com/dream-symbol-encyclopedia-interpretation-and-meaning-of-dream-symbols-kindle.pdf
    • http://www.gorillawalker.com/combustion-engineering-issues-for-solid-fuel-systems-kindle-edition.pdf
    • http://www.gorillawalker.com/world-encyclopedia-of-champagne-and-sparkling-wine-revised-and-updated.pdf
    • http://www.gorillawalker.com/what-i-know-now.pdf
    • http://www.gorillawalker.com/writing-scientific-research-articles-strategy-and-steps.pdf
    • http://www.gorillawalker.com/cy-coleman-anthology.pdf
    • http://www.gorillawalker.com/the-best-war-ever-america-and-world-war-ii-the.pdf
    • http://www.gorillawalker.com/common-college-sense-the-visual-guide-to-understanding-everyday-tasks.pdf
    • http://www.gorillawalker.com/margins-a-novel-djuna-books.pdf
    • http://www.gorillawalker.com/a-thousand-days-in-venice-an-unexpected-romance-1st-first.pdf
    • http://www.gorillawalker.com/all-roads-lead-to-runx-several-autoimmune-diseases-share-one.pdf
    • http://www.gorillawalker.com/apples-of-gold-in-pictures-of-silver-honoring-the-work.pdf
    • http://www.gorillawalker.com/1979-book-of-common-prayer-economy-edition.pdf
    • http://www.gorillawalker.com/a-planetary-fairytale-acceptance.pdf
    • http://www.gorillawalker.com/underground-clinical-vignettes-step-2-internal-medicine-i-cardiology-endocrinology.pdf
    • http://www.gorillawalker.com/too-big-man-of-the-house-1-taboo-tales-book.pdf
    • http://www.gorillawalker.com/frommer-s-miami-the-keys-frommer-s-easyguide-to-miami.pdf
    • http://www.gorillawalker.com/my-wife-doesn-t-love-me-any-more-the-love.pdf
    • http://www.gorillawalker.com/the-medical-advisor-maxims-and-precepts-for-providers-students-and.pdf
    • http://www.gorillawalker.com/introduction-to-telecommunications-custom-edition.pdf
    • http://www.gorillawalker.com/quality-of-life-therapy-applying-a-life-satisfaction-approach-to.pdf
    • http://www.gorillawalker.com/night-s-embrace.pdf
    • http://www.gorillawalker.com/apple-training-series-iwork-09.pdf
    • http://www.gorillawalker.com/clymer-yamaha-xv535-1100-virago-1981-1999.pdf
    • http://www.gorillawalker.com/decommissioning-of-nuclear-power-plants-eur.pdf
    • http://www.gorillawalker.com/reefer-ranger-lost-dmb-files-kindle-edition.pdf
    • http://www.gorillawalker.com/emergency-care-of-the-sick-and-injured-text-and-workbook.pdf
    • http://www.gorillawalker.com/microsoft-excel-2013-for-the-business-analyst.pdf
    • http://www.gorillawalker.com/earl-mindell-s-peak-performance-bible-how-to-look-great.pdf
    • http://www.gorillawalker.com/das-ehescheidungsrecht-in-japan-die-geltende-ordnung-vor-ihrem-sozialgeschichtlichen.pdf
    • http://www.gorillawalker.com/shattered-secrets-in-the-shadow-of-the-wol
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/