Malicious PDF — malware analysis report

Static analysis result for SHA-256 f79df3dbb856fd8a…

Verdict: MALICIOUS
File type: PDF
Size: 42.9 KB
Created: 2018-11-15 19:35:56 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 678984391f19cb3d3b67b230c9d15abf
SHA-1: 7aeec5aa835781d63098c52cc261635683b3d05a
SHA-256: f79df3dbb856fd8a5eb3b87b25a74b373cf0ac7b84bc50160c6a58c72d4436b3
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated but contains references to these external URLs, suggesting a coordinated effort to direct users to a specific domain for potentially malicious purposes, such as SEO spam or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.