Malicious PDF — malware analysis report

Static analysis result for SHA-256 fb642a49078dfe87…

MALICIOUS

PDF

Size: 36.2 KB
Created: 2019-12-29 00:47:24 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
MD5: 71cdca8711ec31a2f6046ce09f4a59e2
SHA-1: 1c050be37dd91f84873ead67719c04d9f10ffce0
SHA-256: fb642a49078dfe879603657b9f67e447368b92cfea487e98e0ae9b9e4158a789
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this document as malicious. The primary purpose appears to be directing users to a website hosting numerous documents, likely for SEO spam or to serve as a distribution point for further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8218

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/the-theory-of-the-imaginary-in-geometry-together-with-the.pdf
    • http://www.gorillawalker.com/muslims-in-amdo-tibetan-society-multidisciplinary-approaches-studies-in-modern.pdf
    • http://www.gorillawalker.com/100-boots.pdf
    • http://www.gorillawalker.com/field-of-glory-renaissance-wargaming-for-renaissance-tabletop-gaming.pdf
    • http://www.gorillawalker.com/because-they-chose-the-plan-of-god-the-story-of.pdf
    • http://www.gorillawalker.com/learn-overuse-shoulder-injury-diagnostic-secrets-restore-muscle-balance-with.pdf
    • http://www.gorillawalker.com/the-available-wife-part-2-the-available-wife-series.pdf
    • http://www.gorillawalker.com/das-antidiskriminierungsrecht-und-seine-folgen-f-r-die-kirchliche-dienstgemeinschaft.pdf
    • http://www.gorillawalker.com/the-fearful-dental-patient-a-guide-to-understanding-and-managing.pdf
    • http://www.gorillawalker.com/the-activist-s-handbook-a-primer-updated-edition-with-a.pdf
    • http://www.gorillawalker.com/i-love-you-so-much.pdf
    • http://www.gorillawalker.com/plato-s-socrates-as-educator-s-u-n-y-series.pdf
    • http://www.gorillawalker.com/the-assumption-of-mary-mary-library-series.pdf
    • http://www.gorillawalker.com/dark-movies-the-essential-film-noir.pdf
    • http://www.gorillawalker.com/longman-dictionary-of-american-english-paperback-with-pin-5th-edition.pdf
    • http://www.gorillawalker.com/chemoinformatics-and-advanced-machine-learning-perspectives-complex-computational-methods-and.pdf
    • http://www.gorillawalker.com/the-dragon-ring-epic-fantasy-coming-of-age-amid-dragons.pdf
    • http://www.gorillawalker.com/provence-travel-guide-sightseeing-hotel-restaurant-shopping-highlights.pdf
    • http://www.gorillawalker.com/microbiolog-a-lippincott-illustrated-reviews-series-spanish-edition.pdf
    • http://www.gorillawalker.com/catherine-s-letters.pdf
    • http://www.gorillawalker.com/iec-60130-4-ed-1-0-b-1966-connectors-for.pdf
    • http://www.gorillawalker.com/norwich-city-fc-the-seventies.pdf
    • http://www.gorillawalker.com/the-bridegroom-a-stone-creek-novel.pdf
    • http://www.gorillawalker.com/debrecen-terkep-plan-map-karte-hungarian-edition.pdf
    • http://www.gorillawalker.com/filter-design-edn-series-for-design-engineers.pdf
    • http://www.gorillawalker.com/pick-3-lottery-volume-1-the-3-level-coaching-program.pdf
    • http://www.gorillawalker.com/aa-mini-guide-yorkshire-dales-aa-mini-guides.pdf
    • http://www.gorillawalker.com/handbook-of-hypnosis-for-professionals.pdf
    • http://www.gorillawalker.com/the-ged-essay-writing-skills-to-pass-the-test-2002.pdf
    • http://www.gorillawalker.com/build-it-big-101-insider-secrets-from-top-direct-selling.pdf
    • http://www.gorillawalker.com/mate-book-three.pdf
    • http://www.gorillawalker.com/building-a-home-movie-studio-and-getting-your-films-online.pdf
    • http://www.gorillawalker.com/orestes-brownson-sign-of-contradiction.pdf
    • http://www.gorillawalker.com/the-devil-reads-derrida-and-other-essays-on-the-university.pdf
    • http://www.gorillawalker.com/the-revenge-of-annie-charlie.pdf
    • http://www.gorillawalker.com/openness-unhindered-further-thoughts-of-an-unlikely-convert-on-sexual.pdf
    • http://www.gorillawalker.com/wings-of-the-black-cross-number-six.pdf
    • http://www.gorillawalker.com/chart-sense-common-sense-charts-to-teach-3-8-informational.pdf
    • http://www.gorillawalker.com/cellular-and-molecular-biology-of-gonadal-development-and-maturation-in.pdf
    • http://www.gorillawalker.com/random-fourier-series-with-applications-to-harmonic-analysis-am-101.pdf
    • http://www.gorillawalker.com/le
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/