Malicious PDF — malware analysis report

Static analysis result for SHA-256 ea69866d7e274a96…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-14 21:05:00 +03:00
Authoring application: Acrobat PDFMaker 15 for Word (via Adobe PDF Library 15.0)
MD5: bcf7fdedf2682fc29ce49d5a368e6f29
SHA-1: 0e0ee99218c8c3b42d1a422c967706ca25bdda39
SHA-256: ea69866d7e274a96a4b83c70b08dc523c7fb504e330958072b305deb86634abe
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also indicated a high probability of maliciousness. No scripts were extracted, and the document body was unreadable, limiting the ability to determine the exact payload or user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.