Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed896389f388e017…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-11-30 20:35:15 +03:00
Authoring application: Adobe InDesign CS4 (6.0.4) (via Adobe PDF Library 9.0)
MD5: e9e432993f2d75483842794b01020d20
SHA-1: 55511d366380a607cbff232ebf825cc44d92ecef
SHA-256: ed896389f388e017919f9e68818a73c1cb796b900bb579e177b81dc0d4b4aa0e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs, indicating a potential link farm or distribution mechanism. The heuristic PDF_SEO_LINK_FARM specifically flags the mass external PDF link farm. While no scripts were extracted, the sheer volume of links suggests malicious intent: redirecting users or manipulating search engine results.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/fire-the-beginnings-of-the-labor-movement-once-upon-america.pdf
    • http://www.gorillawalker.com/lorimer-real-justice-paperback-4-book-set-real-justice-fourteen.pdf
    • http://www.gorillawalker.com/clan-honor-and-empire-clan-beginnings-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/colonie-dell-africa-occidentale-la-nigeria-britannica.pdf
    • http://www.gorillawalker.com/transforming-the-dead-culturally-modified-bone-in-the-prehistoric-midwest.pdf
    • http://www.gorillawalker.com/excavations-at-cerro-de-trincheras-sonora-mexico-volume-2.pdf
    • http://www.gorillawalker.com/progress-in-systems-engineering-proceedings-of-the-twenty-third-international.pdf
    • http://www.gorillawalker.com/livingstone-revised-and-expanded-edition.pdf
    • http://www.gorillawalker.com/vegas-baby-a-gender-swap-tale.pdf
    • http://www.gorillawalker.com/the-world-s-new-financial-landscape-challenges-for-economic-policy.pdf
    • http://www.gorillawalker.com/happy-ever-after.pdf
    • http://www.gorillawalker.com/a-scientific-way-of-war-antebellum-military-science-west-point.pdf
    • http://www.gorillawalker.com/alfred-band-expressions-book-two-student-edition-clarinet-book-cd.pdf
    • http://www.gorillawalker.com/fields-and-particles-introduction-to-electromagnetic-wave-phenomena-and-quantum.pdf
    • http://www.gorillawalker.com/standard-of-excellence-book-1-tuba-w21bse.pdf
    • http://www.gorillawalker.com/investigations-at-pichao.pdf
    • http://www.gorillawalker.com/sussex-county-nj-images-of-america.pdf
    • http://www.gorillawalker.com/agapi-mou-my-beloved.pdf
    • http://www.gorillawalker.com/economics-principles-problems-and-policies-19th-edition.pdf
    • http://www.gorillawalker.com/ship-automation-for-marine-engineers-and-electro-technical-officers.pdf
    • http://www.gorillawalker.com/2stoned.pdf
    • http://www.gorillawalker.com/zapatista-reinventing-revolution-in-mexico.pdf
    • http://www.gorillawalker.com/introduction-to-zeolite-science-and-practice-volume-58-studies-in.pdf
    • http://www.gorillawalker.com/the-eyes-of-kid-midas.pdf
    • http://www.gorillawalker.com/2010-the-construction-of-the-national-level-qualification-exam-book.pdf
    • http://www.gorillawalker.com/the-physiology-and-pharmacology-of-the-microcirculation-vol-2-physiologic.pdf
    • http://www.gorillawalker.com/blood-ties-a-novel.pdf
    • http://www.gorillawalker.com/chakras-their-characteristics-associations-and-reflexzones.pdf
    • http://www.gorillawalker.com/crossing-over-one-woman-s-escape-from-amish-life.pdf
    • http://www.gorillawalker.com/a-pocket-guide-to-amish-life.pdf
    • http://www.gorillawalker.com/chamber-music-for-4-horns.pdf
    • http://www.gorillawalker.com/the-cambridge-companion-to-the-recorder-cambridge-companions-to-music.pdf
    • http://www.gorillawalker.com/cameos-old-and-new.pdf
    • http://www.gorillawalker.com/the-g-point-how-to-turn-your-business-into-a.pdf
    • http://www.gorillawalker.com/undersea-fleet.pdf
    • http://www.gorillawalker.com/borderlands-3.pdf
    • http://www.gorillawalker.com/herbs-for-the-soul-emotional-healing-with-chinese-and-western.pdf
    • http://www.gorillawalker.com/stop-growing.pdf
    • http://www.gorillawalker.com/hunt-for-the-devil-s-dragon-aio-imagination-station-books.pdf
    • http://www.gorillawalker.com/doc-the-rape-of-the-town-of-lovell-kindle-edition.pdf
    • http://www.gorillawalker.com/excavations-at-cerro-de-
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/