Malicious PDF — malware analysis report

Static analysis result for SHA-256 eefec7b80149de03…

Verdict: MALICIOUS
File type: PDF
Size: 42.6 KB
Created: 2018-11-14 08:37:32 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: 5a2f8b899f4c4dbb3987b30d3457da34
SHA-1: d6385b7f7c1adc6b53698c38b07d83e4d737c47e
SHA-256: eefec7b80149de03d72cda2b8cc30aae9f803fa91384cbdfce428fb77be01416
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was not sufficiently readable to determine a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.