Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8a2f1364a87cd35…

MALICIOUS

PDF

Size: 34.2 KB
Created: 2019-05-24 00:41:36 +03:00
Authoring application: dvips(k) 5.99 Copyright 2010 Radical Eye Software (via Acrobat Distiller 9.4.5 (Windows))
MD5: 4d991397eecb59180ea71ccc778acf77
SHA-1: bdb9da301e39c941c6ec86d326ed03fb9340754c
SHA-256: f8a2f1364a87cd3513808f09f70fd5a127cb9f66ffbadbb6c8137c62378dc982
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution mechanism. The primary heuristic indicates a "PDF_SEO_LINK_FARM" with 32 external PDF links, suggesting the document's purpose is to redirect users to other potentially malicious or SEO-manipulated content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.