Malicious PDF — malware analysis report

Static analysis result for SHA-256 f863370502822335…

MALICIOUS

PDF

46.4 KB Created: 2019-04-30 16:29:16 +03:00 Authoring application: QuarkXPressª 4.11: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: bc0504b2e83da95f03161b137c860569 SHA-1: 8b10d48e4dd2a30270af4216d5bdc9b984b0e6a0 SHA-256: f863370502822335598c1f8c6304f9853bf1932d004ed7ecfe8af8315a219744
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The document body is heavily obfuscated and does not provide clear textual lures. The primary attack pattern appears to be a link farm designed to direct users to external resources, potentially for SEO manipulation or to serve malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8026

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-immune-spirit-a-story-of-love-loss-and-healing.pdf
    • http://www.gorillawalker.com/discovering-the-unknown-landscape-a-history-of-america-s-wetlands.pdf
    • http://www.gorillawalker.com/hades-a-demonica-novella-1001-dark-nights-kindle-edition.pdf
    • http://www.gorillawalker.com/us-army-technical-manual-tm-55-6610-296-40-remote.pdf
    • http://www.gorillawalker.com/fueling-freedom.pdf
    • http://www.gorillawalker.com/victimology-the-essentials.pdf
    • http://www.gorillawalker.com/finding-harmony-katie-annalise-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/illustrations-of-the-liturgical-homilies-of-gregory-nazianzenus-study-in.pdf
    • http://www.gorillawalker.com/informatics-10-years-back-10-years-ahead-lecture-notes-in.pdf
    • http://www.gorillawalker.com/the-independence-principle-of-letters-of-credit-and-demand-guarantees.pdf
    • http://www.gorillawalker.com/home-sweet-jail-growing-up-with-a-dad-in-law.pdf
    • http://www.gorillawalker.com/novah-burns.pdf
    • http://www.gorillawalker.com/aktuelle-geburtshilfe-und-gyn-kologie-festschrift-f-r-professor-dr.pdf
    • http://www.gorillawalker.com/banish-back-pain-with-alexander-technique-flash.pdf
    • http://www.gorillawalker.com/mason-jar-salads-and-more-50-layered-lunches-to-grab.pdf
    • http://www.gorillawalker.com/flood-control-structures-research-program-annotated-bibliography-on-grade-control.pdf
    • http://www.gorillawalker.com/lord-of-scoundrels-debauches-series-the-d-bauch-s.pdf
    • http://www.gorillawalker.com/a-delicious-herbal-ginger-drink-you-can-easily-prepare-at.pdf
    • http://www.gorillawalker.com/gracious-spaces.pdf
    • http://www.gorillawalker.com/a-spectacle-of-dust-the-autobiography.pdf
    • http://www.gorillawalker.com/lonely-planet-costa-rica-travel-guide-by-lonely-planet-yanagihara.pdf
    • http://www.gorillawalker.com/california-serpentines-flora-vegetation-geology-soils-and-management-problems-uc.pdf
    • http://www.gorillawalker.com/the-mumps-programming-language.pdf
    • http://www.gorillawalker.com/fifty-million-acres-conflicts-over-kansas-land-policy-1854-1890.pdf
    • http://www.gorillawalker.com/military-swords-of-japan-1868-1945.pdf
    • http://www.gorillawalker.com/how-to-get-your-book-published-free-in-minutes-and.pdf
    • http://www.gorillawalker.com/general-higher-education-eleventh-five-year-national-planning-materials-planning.pdf
    • http://www.gorillawalker.com/nonlinear-magnetohydrodynamics-cambridge-monographs-on-plasma-physics.pdf
    • http://www.gorillawalker.com/goldilocks-and-the-three-dinosaurs-as-retold-by-mo-willems.pdf
    • http://www.gorillawalker.com/mastering-mediation-education.pdf
    • http://www.gorillawalker.com/pride-against-prejudice-haitians-in-the-united-states-part-of.pdf
    • http://www.gorillawalker.com/performing-under-pressure-the-science-of-doing-your-best-when.pdf
    • http://www.gorillawalker.com/busn-8-new-engaging-titles-from-4ltr-press.pdf
    • http://www.gorillawalker.com/peekaboo-elmo-sesame-street-big-bird-s-favorites-board-books.pdf
    • http://www.gorillawalker.com/bound-pumped-full-in-the-dark-rough-aggressive-dominant-men.pdf
    • http://www.gorillawalker.com/focus-on-features.pdf
    • http://www.gorillawalker.com/my-first-menage-reluctant-menage-and-alpha-male-erotica.pdf
    • http://www.gorillawalker.com/she-walks-in-shadows.pdf
    • http://www.gorillawalker.com/winston-churchill-quotes-facts.pdf
    • http://www.gorillawalker.com/die-christliche-taufe-was-bedeutet-sie-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/us-army-technical-manual
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.