Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6005bf043ca027c…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2019-05-05 01:34:57 +03:00
Authoring application: PageMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: 1f493fcfccdd744732907c9f9f39dbe1
SHA-1: a5a1b3dac95a41ddd627e597b9d5643e046b62dd
SHA-256: e6005bf043ca027ca8ba3474cb5e73269365b06f35b46190b9add9e079f6811c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a significant number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged this file with high confidence. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or distribution of further malicious content. The attack pattern is likely a form of link farming or a lure to download other malicious documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.