Malicious PDF — malware analysis report

Static analysis result for SHA-256 eebc8aef0ddeb5fb…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-15 20:48:02 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: 71288d849e3ecd9234fbb95bdfecf311
SHA-1: 1f19e7bf718243e8d6123cd799125dab28bb06e9
SHA-256: eebc8aef0ddeb5fbf136ef5b8193dc4e6617e7845096d175d3675732ff7d58fa
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to host malicious content. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links suggests a coordinated effort to distribute or promote content, potentially malicious, through a link farm.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.