Malicious PDF — malware analysis report

Static analysis result for SHA-256 e62f36f451cdecd3…

MALICIOUS

PDF

42.1 KB
Created: 2018-12-15 20:01:53 +03:00
Authoring application: - (via Acrobat Web Capture 5.0)
MD5: 73c103f05f1cefbf81dd34a9fdc19614
SHA-1: 41774fed37ff6a135e9e265446d9c86a4ae965d4
SHA-256: e62f36f451cdecd36834f14ac2bcaeb915b9f050849a33e453fad376a4ec02f7
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links to external websites, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary purpose appears to be directing users to a vast collection of URLs, likely for SEO manipulation or to serve as a landing page for further malicious activity. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.