Malicious PDF — malware analysis report

Static analysis result for SHA-256 ede91db7544225dd…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2020-02-20 04:47:22 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: eb5708b58e2272b3b1f2fe584b945cc1
SHA-1: ba8a5b3ca108c2a9c47418486ddd49830f4dd7ee
SHA-256: ede91db7544225dd6abfb713974cae7fb02e8acb62a67fac3f6b78f0a5a6dc94
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and unreadable, preventing a deeper analysis of its specific content or intent beyond the link farm. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.