Malicious PDF — malware analysis report

Static analysis result for SHA-256 e6e0619fa146a392…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2020-02-19 11:19:20 +03:00
Authoring application: AH XSL Formatter V6.1 MR5a for Windows (x64) : 6.1.10.15867 (via Antenna House PDF Output Library 6.1.472 (Windows (x64)))
MD5: 3b66a61156693a59caddbaaff4d71679
SHA-1: d51249eb3bcec928ae7daba87dfcd34640f2feeb
SHA-256: e6e0619fa146a3922ae76134674f0b9a48a26f87e999a2cf4637eaa686dbfd12
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a significant number of embedded URLs pointing to external PDF files. This suggests a link farm or a distribution mechanism for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the ability to determine a more specific attack pattern or family.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8531

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.