Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe79075732b9513b…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2018-11-30 20:28:18 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: f1ff87b6a511f432279401297b671812
SHA-1: d7f948267f2809e7bbffbf8bf45664e57144c341
SHA-256: fe79075732b9513bb26d3a3246210f7ac52471c4e4ef9ed88f77158c8f7a1cd2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

A machine learning classifier flagged the PDF file as malicious. The file contains a significant number of embedded URLs pointing to external PDF files, a technique often used for SEO spam or to host malicious content. No scripts were extracted, but the sheer volume of links suggests an intent to redirect users to potentially harmful content or to manipulate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.