Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec3c25d35ab7425f…

MALICIOUS

PDF

Size: 46.8 KB
Created: 2019-02-14 08:24:56 +03:00
Authoring application: FrameMaker 5.5.6. (via Acrobat Distiller 4.05 for Sparc Solaris)
MD5: 69bac0b59d726f38e157eaeb70bb0e14
SHA-1: 81e626870b9d654a6bff611bfe476536f3feaf43
SHA-256: ec3c25d35ab7425f1c0873112596bfb726f3c9dabb46bd0887dd32126c9c2cf0
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, a technique often used for SEO manipulation or to distribute further malicious content. The heuristic PDF_SEO_LINK_FARM specifically indicates a mass external PDF link farm. While no scripts were extracted, the sheer volume of links suggests malicious intent to direct users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.