Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc574613641c4460…

MALICIOUS

PDF

Size: 42.7 KB
Created: 2018-11-15 19:36:28 +03:00
Authoring application: Adobe Acrobat 8.0 Combine Files (via Adobe Acrobat 8.0)
MD5: 7d225329a65d2004d2243c0ff67237e8
SHA-1: daba787bd5202184335584c834d57893c182d4e9
SHA-256: fc574613641c446008e3e3136fd50e69496f136483bb41e5ae35abc1f2744c17
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. This suggests a link farm or SEO poisoning attack, potentially leading users to malicious websites or documents. The embedded URLs are the primary indicators of compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.