Malicious PDF — malware analysis report

Static analysis result for SHA-256 f65e99f050ec2207…

Verdict: MALICIOUS
File type: PDF

Size: 45.6 KB
Created: 2019-03-17 02:36:54 +03:00
Authoring application: PDFpen
MD5: bbd3f3f5f27124bf9d890e0c2b8b9070
SHA-1: 187cbd58ed6751782033ebc6033488eb162e7149
SHA-256: f65e99f050ec2207b5c270b35f9c00b810d83e7b55fd4892182efabf12659e36
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF carries an unusually large number of clickable link annotations that point at external .pdf URLs on a single host, which is the pattern the PDF_SEO_LINK_FARM heuristic detects. The ML classifier independently scored the document as malicious (0.8634). No scripts were extracted, so the verdict rests on the link-farm structure and the classifier score rather than on any exploit or script content found in the file. The structure matches generated SEO-spam PDFs whose links funnel readers into unwanted-software or malicious delivery chains. The ATT&CK mapping is inferred from the link-farm heuristic, not from observed behaviour; in particular, nothing extracted from this sample supports the T1059.001 (PowerShell) tag, so treat it as a guess about the downstream chain rather than a finding. Practitioner note: link annotations only act when a user clicks them, so the residual risk is whatever the linked host serves at click time. If the document reached end users, check the host against URL reputation and scanning sources and block it at the proxy; the document itself contains no extracted payload to analyse further.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/taking-an-honest-and-spiritual-inventory.pdf
    • http://www.gorillawalker.com/how-to-make-delicious-ice-cream-kindle-edition.pdf
    • http://www.gorillawalker.com/underground-clinical-vignettes-step-2-surgery-underground-clinical-vignettes-series.pdf
    • http://www.gorillawalker.com/fifty-shades-of-faithful.pdf
    • http://www.gorillawalker.com/all-dolled-up-sewing-clothes-and-accessories-for-girls-and.pdf
    • http://www.gorillawalker.com/our-greatest-gift.pdf
    • http://www.gorillawalker.com/brazil-joint-venture-construction-start-up-on-cross-border-gas.pdf
    • http://www.gorillawalker.com/what-is-a-step.pdf
    • http://www.gorillawalker.com/the-pocket-encyclopedia-of-aggravation-101-things-that-annoy-bother.pdf
    • http://www.gorillawalker.com/political-theory-tradition-and-diversity.pdf
    • http://www.gorillawalker.com/destructive-emotions-a-dialogue-with-the-dalai-lama.pdf
    • http://www.gorillawalker.com/southern-africa-2016-a-journey-through-zimbabwe-botswana-namibia-and.pdf
    • http://www.gorillawalker.com/songs-of-our-hearts-meditations-of-our-souls-prayers-for.pdf
    • http://www.gorillawalker.com/shredded-inside-rbs-the-bank-that-broke-britain.pdf
    • http://www.gorillawalker.com/defeating-communist-insurgency-experiences-from-malaya-and-vietnam.pdf
    • http://www.gorillawalker.com/um-die-welt-mit-lena-und-tom-german-edition.pdf
    • http://www.gorillawalker.com/baby-bar-tutor-contracts-torts-criminal-law-a-compilation-of.pdf
    • http://www.gorillawalker.com/workbook-for-advanced-harmony-theory-practice.pdf
    • http://www.gorillawalker.com/seo-made-simple-third-edition-strategies-for-dominating-the-world.pdf
    • http://www.gorillawalker.com/pocket-prescriber-2011.pdf
    • http://www.gorillawalker.com/frontiersmen-in-blue-united-states-army-the-indian-1848-65.pdf
    • http://www.gorillawalker.com/draw-50-beasties.pdf
    • http://www.gorillawalker.com/webtutor-tm-advantage-on-blackboard-1-term-6-months-printed.pdf
    • http://www.gorillawalker.com/mast-cells-methods-and-protocols-methods-in-molecular-biology.pdf
    • http://www.gorillawalker.com/grammatica-essenziale-della-lingua-italiana-con-esercizi-esercizi-supplementari-e.pdf
    • http://www.gorillawalker.com/the-prairie-train.pdf
    • http://www.gorillawalker.com/world-religions-2003-a-voyage-of-discovery-student-text.pdf
    • http://www.gorillawalker.com/pro-bono-rule-change-reporting-period-began-august-1-law.pdf
    • http://www.gorillawalker.com/the-biochar-debate-charcoal-s-potential-to-reverse-climate-change.pdf
    • http://www.gorillawalker.com/the-study-of-social-problems-seven-perspectives.pdf
    • http://www.gorillawalker.com/car-show-log-single-car-purple-cover-s-m-car.pdf
    • http://www.gorillawalker.com/many-body-physics-with-ultracold-gases-lecture-notes-of-the.pdf
    • http://www.gorillawalker.com/the-official-handbook-of-the-marvel-universe-radioactive-man-to.pdf
    • http://www.gorillawalker.com/the-decline-of-fertility-in-europe-office-of-population-research.pdf
    • http://www.gorillawalker.com/the-economics-of-beer.pdf
    • http://www.gorillawalker.com/mickey-mouse-clubhouse-top-o-the-clubhouse-includes-stickers.pdf
    • http://www.gorillawalker.com/haven-and-the-circle-of-darkness.pdf
    • http://www.gorillawalker.com/understanding-small-period-houses.pdf
    • http://www.gorillawalker.com/three-nights-of-sin.pdf
    • http://www.gorillawalker.com/the-oxford-spanish-dictionary-on-cd-rom-windows-version-cd.pdf
    • http://www.goril
    XMP metadata namespace URIs (these come from xmlns declarations in the document's XMP packet, not from clickable link annotations; they are standard in any PDF carrying XMP or PDF/A metadata and are not indicators on their own):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
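As an added worked example (not the scanner's own code and not part of this report), the Python script below implements the kind of check behind the PDF_SEO_LINK_FARM heuristic: it extracts /URI link-annotation targets from a PDF, including annotations packed inside FlateDecode object streams, counts them, measures how strongly they cluster on one host, and relates that to the file size. The thresholds, the host name farm.example and the sample PDF builder are assumptions made here for illustration. It also shows why the XMP namespace URIs listed above are not link targets: they sit in xmlns attributes inside the metadata stream, not in /URI actions, so the extractor never returns them.

```python
"""Triage for the PDF_SEO_LINK_FARM pattern: pull /URI link-annotation targets
out of a PDF and score how link-farm-like they look."""
import re
import zlib
from collections import Counter
from urllib.parse import urlsplit

# Thresholds are assumptions for this example, not the scanner's real tuning.
MAX_SIZE_KB = 200          # "small PDF"
MIN_LINKS = 20             # "many clickable external links"
MIN_TOP_HOST_SHARE = 0.8   # "mostly clustered on one host"

# Link annotations carry /A << /S /URI /URI (literal) >> or /URI <hex string>.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
# \bstream stops "endstream" from being taken as the start of another stream.
STREAM = re.compile(rb"\bstream\r?\n(.*?)endstream", re.DOTALL)


def _buffers(pdf: bytes):
    """Yield the raw file, then every FlateDecode stream inflated, so annotation
    dictionaries packed into compressed object streams (/Type /ObjStm) are seen."""
    yield pdf
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates the newline(s) kept before 'endstream'
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # image data, other filters, plain streams: nothing to inflate


def _unescape(literal: bytes) -> bytes:
    # Undo PDF literal-string escapes; in URLs only \( \) and \\ realistically occur.
    return re.sub(rb"\\(.)", rb"\1", literal, flags=re.DOTALL)


def extract_uri_links(pdf: bytes) -> list[str]:
    """Return every /URI action target in file order. XMP namespace URIs in the
    metadata stream are xmlns attributes, not /URI actions, so they are not returned."""
    urls = []
    for buf in _buffers(pdf):
        for m in URI_LITERAL.finditer(buf):
            urls.append(_unescape(m.group(1)).decode("latin-1"))
        for m in URI_HEX.finditer(buf):
            digits = re.sub(rb"\s", b"", m.group(1))
            if len(digits) % 2:
                digits += b"0"  # PDF pads an odd final hex digit with 0
            urls.append(bytes.fromhex(digits.decode()).decode("latin-1"))
    return urls


def link_farm_score(pdf: bytes) -> dict:
    """Apply the link-farm heuristic and return the evidence behind the verdict."""
    urls = extract_uri_links(pdf)
    hosts = Counter(urlsplit(u).hostname or "" for u in urls)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_count / len(urls) if urls else 0.0
    pdf_targets = sum(1 for u in urls if urlsplit(u).path.lower().endswith(".pdf"))
    size_kb = len(pdf) / 1024
    fired = (size_kb <= MAX_SIZE_KB and len(urls) >= MIN_LINKS
             and share >= MIN_TOP_HOST_SHARE)
    return {"links": len(urls), "pdf_targets": pdf_targets, "top_host": top_host,
            "top_host_share": round(share, 3), "size_kb": round(size_kb, 1),
            "fired": fired}


def build_sample_pdf(n_links: int, host: str, compress: bool = False) -> bytes:
    """Constructed sample (hypothetical host, no xref table, not a viewer-valid PDF):
    n_links link annotations plus an XMP packet, optionally packed into a
    FlateDecode object stream so the inflate path is exercised."""
    annots = b"".join(
        b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (http://%s/book-%d.pdf) >> >>\nendobj\n"
        % (10 + i, host.encode(), i)
        for i in range(n_links))
    if compress:
        data = zlib.compress(annots)
        annots = (b"5 0 obj\n<< /Type /ObjStm /N %d /First 0 /Filter /FlateDecode "
                  b"/Length %d >>\nstream\n" % (n_links, len(data))
                  + data + b"\nendstream\nendobj\n")
    xmp = (b"<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' "
           b"xmlns:dc='http://purl.org/dc/elements/1.1/'/>")
    meta = (b"6 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n"
            % len(xmp) + xmp + b"\nendstream\nendobj\n")
    return b"%PDF-1.4\n" + annots + meta + b"%%EOF\n"


if __name__ == "__main__":
    for compress in (False, True):
        print(link_farm_score(build_sample_pdf(40, "farm.example", compress)))
    print(link_farm_score(build_sample_pdf(2, "farm.example")))
```

Run as a script it scores a constructed 40-link sample (plain and object-stream packed) and a 2-link control. On a real file, pass its bytes to link_farm_score; a positive result says the document is built to funnel clicks to one host, not that it carries an exploit, so the follow-up is reputation work on that host rather than payload analysis. The regex approach is deliberately tolerant of malformed files, which is what you want for triage, but it does not follow indirect object references or non-Flate filters; a full parser such as pypdf or qpdf is the next step when the count looks suspiciously low.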