Malicious PDF — malware analysis report

Static analysis result for SHA-256 eebc719799baa131…

Verdict: MALICIOUS
File type: PDF
Size: 42.1 KB
Created: 2018-11-30 20:59:05 +03:00
Authoring application: PSCRIPT.DRV Version 4.0 (via Acrobat Distiller 3.01 for Windows)
MD5: 1cd2708b4c290b98c21863073997ce22
SHA-1: 894a67bd2c69157756b59fd67ac88a01df27cc94
SHA-256: eebc719799baa131414d7b37fa463192a275bc9f28886a52c0dd73020ea3fe77
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF carries dozens of clickable links to external PDF files, all on a single host (www.gorillawalker.com), which triggered the critical PDF_SEO_LINK_FARM heuristic; the ML classifier independently scored the document as malicious (0.9181). The primary attack pattern is to route users into a link farm, most likely for SEO manipulation or as the first hop of a chain that serves further malicious or unwanted content. No scripts (JavaScript or other active content) were extracted from this sample, so the T1059.001 (PowerShell) mapping is not backed by anything observed in the file itself and should be read as a delivery-chain association rather than as behaviour of this PDF. The producer metadata (Acrobat Distiller 3.01, a late-1990s product) is inconsistent with the 2018 creation timestamp, which points to templated or copied metadata rather than a genuinely distilled document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/a-great-game-the-forgotten-leafs-the-rise-of-professional.pdf
    • http://www.gorillawalker.com/an-experience-to-share-in-saskatchewan-carry-the-kettle-and.pdf
    • http://www.gorillawalker.com/handbook-of-functional-nanomaterials-characterization-and-reliability-nanotechnology-science-and.pdf
    • http://www.gorillawalker.com/fundamental-and-applied-spectroscopy-second-international-spectroscopy-conference-isc-2007.pdf
    • http://www.gorillawalker.com/a-dozen-a-day-book-two.pdf
    • http://www.gorillawalker.com/outlaws-atomic-grade-5.pdf
    • http://www.gorillawalker.com/psychological-foundations-of-musical-behavior.pdf
    • http://www.gorillawalker.com/all-the-best-songs-of-praise-worship-4-book.pdf
    • http://www.gorillawalker.com/hellfire-theirs-not-to-reason-why.pdf
    • http://www.gorillawalker.com/the-cambridge-companion-to-frederick-douglass-cambridge-companions-to-literature.pdf
    • http://www.gorillawalker.com/princess-knight-part-one.pdf
    • http://www.gorillawalker.com/the-figure-skater-olympic-dreams-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/villa-america-a-novel.pdf
    • http://www.gorillawalker.com/animalium-welcome-to-the-museum.pdf
    • http://www.gorillawalker.com/todo-para-el-salvador-spanish-edition.pdf
    • http://www.gorillawalker.com/acting-skills-for-life-third-edition.pdf
    • http://www.gorillawalker.com/shaping-up-to-womanhood-gender-and-girls-physical-education-gender.pdf
    • http://www.gorillawalker.com/calcutta-info-guides.pdf
    • http://www.gorillawalker.com/the-belgariad-set-books-1-5-pawn-of-prophecy-queen.pdf
    • http://www.gorillawalker.com/3d-cell-culture-methods-and-protocols-methods-in-molecular-biology.pdf
    • http://www.gorillawalker.com/passport-to-world-band-radio-1999.pdf
    • http://www.gorillawalker.com/the-further-adventures-of-sherlock-holmes-seance-for-a-vampire.pdf
    • http://www.gorillawalker.com/essentials-of-pharmacology-for-health-occupations-book-only-6th-sixth.pdf
    • http://www.gorillawalker.com/zhao-mengfu-calligraphy-and-painting-for-khubilai-s-china.pdf
    • http://www.gorillawalker.com/breakthrough-when-jesus-sets-you-free.pdf
    • http://www.gorillawalker.com/in-the-shadow-of-greatness-voices-of-leadership-sacrifice-and.pdf
    • http://www.gorillawalker.com/sueno-profundo-sleepy-head-spanish-edition.pdf
    • http://www.gorillawalker.com/roseannearchy-dispatches-from-the-nut-farm.pdf
    • http://www.gorillawalker.com/the-sea-is-my-brother-the-lost-novel.pdf
    • http://www.gorillawalker.com/freedom-cannot-rest-ella-baker-and-the-civil-rights-movement.pdf
    • http://www.gorillawalker.com/budgeting-and-financial-record-keeping-in-the-small-library-small.pdf
    • http://www.gorillawalker.com/coaching-deportivo-mucho-m-s-que-entrenamiento-spanish-edition.pdf
    • http://www.gorillawalker.com/the-history-of-central-and-eastern-africa-the-britannica-guide.pdf
    • http://www.gorillawalker.com/when-i-dream.pdf
    • http://www.gorillawalker.com/wasted-the-preppie-murder.pdf
    • http://www.gorillawalker.com/yogasastram-3-vols.pdf
    • http://www.gorillawalker.com/oedipus-at-colonus-sophocles-greek-tragedy-in-new-translations.pdf
    • http://www.gorillawalker.com/how-a-one-legged-rebel-lives-reminiscences-of-the-civil.pdf
    • http://www.gorillawalker.com/learn-em-good-add-adhd-simple-and-effective-ways-to.pdf
    • http://www.gorillawalker.com/hong-kong-macau-through-the-panoramic-eye-iii-hardcover.pdf
    • http://www.gorillawalker.com/handbook-of-functional-nanomaterials-characterization-and-r
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
    The entries from http://www.w3.org/1999/02/22-rdf-syntax-ns# onwards are RDF/XMP schema namespace URIs from the document's metadata stream (RDF, Dublin Core, XMP, PDF, XMP Media Management and PDF/A extension schemas); they are not clickable links and are expected in any PDF that carries XMP metadata. Only the www.gorillawalker.com entries are link-annotation targets.
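The PDF_SEO_LINK_FARM logic described above, and the distinction between link-annotation targets and the XMP namespace URIs at the end of the list, can be reproduced with a short scan over the raw PDF objects. The following Python is an added example written for this report, not the scanner's code: it builds a constructed fixture PDF (made-up hosts and paths, not the sample's URLs), pulls the targets of /URI link actions, leaves the XMP namespaces alone because they sit inside the metadata stream rather than in link annotations, and applies three thresholds (file size, link count, single-host share) that are assumptions chosen for illustration, not the scanner's values.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed fixture for this example: made-up URLs, not the analysed sample's.
# Five .pdf links sit on one host, one points elsewhere, and two XMP schema
# namespaces appear only inside the metadata stream.
SAMPLE_LINKS = [
    "http://example-linkfarm.test/book-one.pdf",
    "http://example-linkfarm.test/book-two.pdf",
    "http://example-linkfarm.test/book-three.pdf",
    "http://example-linkfarm.test/book-four.pdf",
    "http://example-linkfarm.test/book-five.pdf",
    "https://other.example.test/whitepaper.pdf",
]
SAMPLE_XMP_NAMESPACES = [
    "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "http://ns.adobe.com/xap/1.0/",
]


def build_sample_pdf(links, xmp_namespaces):
    """Assemble a minimal uncompressed PDF: one page, one /Link annotation per URL,
    and an XMP metadata stream. No xref table is written; a raw byte scan does not need one."""
    annots, link_objs = [], []
    num = 5  # objects 1-4 are catalog, pages, page, metadata
    for url in links:
        link_objs.append(
            f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
            f"/A << /S /URI /URI ({url}) >> >>\nendobj\n"
        )
        annots.append(f"{num} 0 R")
        num += 1
    xmp = (
        f'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="{xmp_namespaces[0]}">'
        f'<rdf:Description xmlns:xmp="{xmp_namespaces[1]}"/></rdf:RDF></x:xmpmeta>'
    )
    body = (
        "%PDF-1.4\n"
        "1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>\nendobj\n"
        "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
        "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] "
        f"/Annots [{' '.join(annots)}] >>\nendobj\n"
        f"4 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
        f"stream\n{xmp}\nendstream\nendobj\n"
        + "".join(link_objs)
        + "trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )
    return body.encode("latin-1")


SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP_NAMESPACES)

# The /URI key followed by a literal string "(...)". "/S /URI" is followed by
# another name, not "(", so only the action target matches.
URI_STRING = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)


def extract_uri_links(pdf_bytes):
    """Return /URI action targets found in raw (uncompressed) PDF objects.
    XMP namespace URIs are XML attribute values inside the metadata stream,
    so they never match this pattern."""
    links = []
    for m in URI_STRING.finditer(pdf_bytes):
        unescaped = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # undo \( \) \\ escapes
        links.append(unescaped.decode("latin-1"))
    return links


def link_farm_score(pdf_bytes, max_size=256 * 1024, min_links=5, min_host_share=0.8):
    """PDF_SEO_LINK_FARM-style check: a small file with many external .pdf link
    targets concentrated on one host. The three thresholds are assumptions."""
    links = extract_uri_links(pdf_bytes)
    pdf_links = [
        u for u in links
        if urlparse(u).scheme in ("http", "https") and urlparse(u).path.lower().endswith(".pdf")
    ]
    hosts = Counter(urlparse(u).netloc.lower() for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    flagged = len(pdf_bytes) <= max_size and len(pdf_links) >= min_links and share >= min_host_share
    return {
        "size": len(pdf_bytes),
        "uri_links": len(links),
        "external_pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": flagged,
    }


if __name__ == "__main__":
    print(link_farm_score(SAMPLE_PDF))
```

The scan only sees objects stored uncompressed. On a real file, normalise it first (for example `qpdf --qdf --object-streams=disable in.pdf out.pdf`) so that annotation dictionaries held in object streams become visible, and note that /URI values may also be written as hex strings (`<...>`), which this pattern does not cover.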