Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed576752990d8258…

Verdict: MALICIOUS
File type: PDF

Size: 46.4 KB
Created: 2019-03-17 09:10:01 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 2aa82fa332161ecd02106e9223dd51c2
SHA-1: ee2f5e584c5b5180afb7928050511adada9dbb7d
SHA-256: ed576752990d825821b37ec09dbfc200b68d2491f2282daa58c3dd2e245bba9f
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The document carries about forty clickable link annotations, nearly all pointing to other .pdf files on a single external host (www.gorillawalker.com), which triggered the PDF_SEO_LINK_FARM heuristic. That pattern matches generated SEO/link-farm PDFs used to route users into malicious or unwanted-software delivery chains rather than a normal citation pattern, so the document is best read as a distribution carrier for other content on that host. The ML_NYX_PDF_MALICIOUS classifier (Nyx PDF Classifier, malicious score 0.8527) also flagged the sample. No JavaScript or other scripts were extracted, so the T1059.001 (PowerShell) mapping is not corroborated by any artifact in this static analysis and should be treated as tentative until the linked content is examined. The observable attack pattern is SEO manipulation and content distribution via a link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The last nine entries below (www.w3.org, purl.org, ns.adobe.com, www.aiim.org) are XMP/RDF namespace identifiers from the document's metadata stream, not link targets, and should not be counted as outbound links.
    • http://www.gorillawalker.com/prayers-for-all-seasons-year-c.pdf
    • http://www.gorillawalker.com/harvard-business-review-on-crisis-management-paperback.pdf
    • http://www.gorillawalker.com/engen-afrikatourism-guide-a-guide-for-environment-oriented-travel-in.pdf
    • http://www.gorillawalker.com/alfred-stieglitz-new-york.pdf
    • http://www.gorillawalker.com/library-services-from-birth-to-five-delivering-the-best-start.pdf
    • http://www.gorillawalker.com/battle-of-kursk-1943-images-of-war.pdf
    • http://www.gorillawalker.com/l-historiographie-medievale-en-europe-actes-du-colloque-organise-par.pdf
    • http://www.gorillawalker.com/hal-leonard-all-time-tv-favorites-e-z-play-144.pdf
    • http://www.gorillawalker.com/a-way-of-being-free.pdf
    • http://www.gorillawalker.com/please-don-t-tell.pdf
    • http://www.gorillawalker.com/golfing-with-the-master-inspiring-stories-to-keep-you-on.pdf
    • http://www.gorillawalker.com/exercises-in-melody-writing-a-systematic-course-of-melodic-composition.pdf
    • http://www.gorillawalker.com/iridologia-diagnostico-por-el-iris-el-spanish-edition.pdf
    • http://www.gorillawalker.com/wiley-s-english-spanish-spanish-english-chemistry-dictionary.pdf
    • http://www.gorillawalker.com/noc-and-nic-linkages-to-nanda-i-and-clinical-conditions.pdf
    • http://www.gorillawalker.com/research-on-writing-approaches-in-mental-health-studies-in-writing.pdf
    • http://www.gorillawalker.com/mein-buntes-mecklenburg-wandkalender-2015.pdf
    • http://www.gorillawalker.com/steps-to-literacy-teachers-manual.pdf
    • http://www.gorillawalker.com/moonfeast-deathlands.pdf
    • http://www.gorillawalker.com/kuwait-an-entry-from-uxl-s-junior-worldmark-encyclopedia-of.pdf
    • http://www.gorillawalker.com/healthy-cooking-made-easy.pdf
    • http://www.gorillawalker.com/trans-siberian-handbook-8th-eighth-edition-of-the-guide-to.pdf
    • http://www.gorillawalker.com/chef-daniel-boulud-cooking-in-new-york-city.pdf
    • http://www.gorillawalker.com/water-worlds-between-heaven-earth.pdf
    • http://www.gorillawalker.com/getting-agencies-to-work-together-the-practice-and-theory-of.pdf
    • http://www.gorillawalker.com/women-work-and-politics-the-political-economy-of-gender-inequality.pdf
    • http://www.gorillawalker.com/tigers-in-combat-vol-2.pdf
    • http://www.gorillawalker.com/snow-from-broken-eyes-cocaine-in-the-lives-and-works.pdf
    • http://www.gorillawalker.com/performing-action-artistry-in-human-behavior-and-social-research.pdf
    • http://www.gorillawalker.com/the-riddle-treasury-a-collection-of-modern-riddles.pdf
    • http://www.gorillawalker.com/cuckold-cruise-interracial-multiple-male-partners-cuckold-initiations-book-7.pdf
    • http://www.gorillawalker.com/human-bonds-and-bondages-the-fiction-of-anita-desai-and.pdf
    • http://www.gorillawalker.com/the-politics-of-sectarianism-in-postwar-lebanon.pdf
    • http://www.gorillawalker.com/racing-the-rain-a-novel.pdf
    • http://www.gorillawalker.com/business-and-corporate-aviation-management-on-demand-air-travel-by.pdf
    • http://www.gorillawalker.com/the-starry-sky-within-astronomy-and-the-reach-of-the.pdf
    • http://www.gorillawalker.com/the-art-of-dreamworks-animation-celebrating-20-years-of-art.pdf
    • http://www.gorillawalker.com/journals-captain-scott-s-last-expedition-oxford-world-s-classics.pdf
    • http://www.gorillawalker.com/the-15-minute-vegetarian-gourmet.pdf
    • http://www.gorillawalker.com/bones-never-lie-with-bonus-novella-swamp-bones-a-novel.pdf
    • http://www.gorillawalker
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
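As an added example, not the vendor's heuristic code (which the report does not show), the following Python reimplements the two findings above on a constructed PDF built in memory: a raw URL sweep like EMBEDDED_URL, the narrower link-annotation channel, filtering of XMP namespace URIs, and a PDF_SEO_LINK_FARM-style rule. The thresholds (256 KB, 20 external .pdf links, 80 % of them on one host) and the gorillawalker-shaped sample URLs are assumptions for illustration only.

```python
"""Link-farm check for PDFs, modelled on the PDF_SEO_LINK_FARM / EMBEDDED_URL
findings above. Added example; thresholds and sample data are assumptions,
not the report vendor's implementation."""
import re
from collections import Counter
from urllib.parse import urlsplit

# XMP/RDF namespace URIs that appear in a PDF's metadata stream. A raw URL
# sweep picks them up, but they are schema identifiers, not link targets.
METADATA_NAMESPACE_PREFIXES = (
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://purl.org/dc/elements/1.1/",
    "http://ns.adobe.com/",
    "http://www.aiim.org/pdfa/ns/",
)

# /URI (...) inside a link-annotation action: << /S /URI /URI (http://...) >>
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
# Any http(s) URL anywhere in the raw file (metadata, streams, annotations).
ANY_URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")


def extract_link_uris(pdf: bytes) -> list:
    """URLs reached through the link-annotation channel (clickable links)."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf)]


def extract_all_urls(pdf: bytes) -> list:
    """Every URL-looking string in the file, like an EMBEDDED_URL sweep."""
    return [m.group(0).decode("latin-1") for m in ANY_URL_RE.finditer(pdf)]


def is_metadata_namespace(url: str) -> bool:
    return url.startswith(METADATA_NAMESPACE_PREFIXES)


def link_farm_check(pdf: bytes, max_size=256 * 1024, min_pdf_links=20,
                    min_top_host_share=0.8) -> dict:
    """Flag a small PDF whose clickable links are mostly external .pdf files
    clustered on one host. The three thresholds are assumed values."""
    clickable = [u for u in extract_link_uris(pdf) if not is_metadata_namespace(u)]
    external_pdf = [u for u in clickable
                    if urlsplit(u).scheme in ("http", "https")
                    and urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname or "" for u in external_pdf)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(external_pdf) if external_pdf else 0.0
    flagged = (len(pdf) <= max_size
               and len(external_pdf) >= min_pdf_links
               and share >= min_top_host_share)
    return {
        "flagged": flagged,
        "size_bytes": len(pdf),
        "clickable_links": len(clickable),
        "external_pdf_links": len(external_pdf),
        "top_host": top_host,
        "top_host_share": round(share, 3),
    }


def build_sample_pdf(urls) -> bytes:
    """Constructed sample: one page, one /Link annotation per URL, plus an XMP
    metadata stream. It has no xref table, so viewers may reject it; the
    regex-based extractors above do not need one."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           b'xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"/></x:xmpmeta>')
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"",  # page object, filled in once the annotation ids are known
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream"
        % (len(xmp), xmp),
    ]
    annot_refs = []
    for url in urls:
        annot_refs.append(b"%d 0 R" % (len(objs) + 1))
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    b"/A << /S /URI /URI (%s) >> >>" % url.encode("latin-1"))
    objs[2] = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [%s] >>"
               % b" ".join(annot_refs))
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.4\n" + body + b"trailer\n<< /Root 1 0 R >>\n%EOF\n"


# Constructed inputs: a link-farm-shaped document and a normal citation list.
FARM_URLS = ["http://www.gorillawalker.com/sample-title-%02d.pdf" % i for i in range(25)] + [
    "https://example.org/whitepaper.pdf",
    "https://example.com/about",
]
CONTROL_URLS = [
    "https://example.org/whitepaper.pdf",
    "https://example.net/spec.pdf",
    "https://example.com/about",
]

if __name__ == "__main__":
    farm = build_sample_pdf(FARM_URLS)
    print(link_farm_check(farm))
    print(link_farm_check(build_sample_pdf(CONTROL_URLS)))
    print([u for u in extract_all_urls(farm) if is_metadata_namespace(u)])
```

To run this against a real sample, read the file bytes and pass them to link_farm_check. Note the limitation: the regex extractors only see uncompressed objects, so a PDF whose annotations live inside FlateDecode-compressed object streams needs a real parser (pypdf or similar) to surface the /URI entries first; the scoring logic is unchanged once you have the list of clickable URLs.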