Malicious PDF — malware analysis report

Static analysis result for SHA-256 fe79590bce0f43b2…

Verdict: MALICIOUS
File type: PDF
Size: 33.9 KB
Created: 2020-02-13 14:55:52 +03:00
Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: 8f457462ccfb105d32320d46327513b4
SHA-1: 789234f1324467712a0cce3de751458912db56a4
SHA-256: fe79590bce0f43b24a69fee0ca0d526b93f9eed3fb9f1208dc2d9b5937bcd263
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO manipulation or to redirect users to malicious sites. The document body was heavily truncated and unreadable.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/doodling-in-french-how-to-draw-with-joie-de-vivre.pdf
    • http://www.gorillawalker.com/easy-indian-cookery.pdf
    • http://www.gorillawalker.com/metamorphic-rocks-rocks-and-minerals.pdf
    • http://www.gorillawalker.com/the-size-of-municipalities-efficiency-and-citizen-participation-local-regional.pdf
    • http://www.gorillawalker.com/on-perpetual-peace.pdf
    • http://www.gorillawalker.com/the-transition-to-agile-manufacturing-staying-flexible-for-competitive-advantage.pdf
    • http://www.gorillawalker.com/robert-louis-stevenson-s-collected-works-treasure-island-the-strange.pdf
    • http://www.gorillawalker.com/happy-new-year-corduroy.pdf
    • http://www.gorillawalker.com/duns-scotus-on-god-ashgate-studies-in-the-history-of.pdf
    • http://www.gorillawalker.com/ruby-lee-and-me.pdf
    • http://www.gorillawalker.com/peanut-butter-greats-delicious-peanut-butter-recipes-the-top-85.pdf
    • http://www.gorillawalker.com/power-tool-know-how-power-router-scroll-sabre-and-reciprocating.pdf
    • http://www.gorillawalker.com/northwestern-university-medical-school-1859-1959-a-pioneer-in-educational.pdf
    • http://www.gorillawalker.com/broadcast-century-and-beyond-a-biography-of-american-broadcasting-4th.pdf
    • http://www.gorillawalker.com/patents-for-inventions-abridgements-of-specifications-groups-xvii-xxiv-340001.pdf
    • http://www.gorillawalker.com/esthetic-rehabilitation-in-fixed-prosthodontics-esthetic-analysis-a-systematic-approach.pdf
    • http://www.gorillawalker.com/christmas-in-summer.pdf
    • http://www.gorillawalker.com/practical-surgery-on-colorectal-cancer-chinese-edition.pdf
    • http://www.gorillawalker.com/foundations-of-health-healing-with-herbs-foods-herbs-and-health.pdf
    • http://www.gorillawalker.com/historical-geology-5th-edition-with-geology-of-texas.pdf
    • http://www.gorillawalker.com/hansel-y-gretel-fairy-tale-favourites-pop-ups-hansel-and.pdf
    • http://www.gorillawalker.com/they-take-our-jobs-and-20-other-myths-about-immigration.pdf
    • http://www.gorillawalker.com/venice-city-break-short-guides.pdf
    • http://www.gorillawalker.com/technique-of-portrait-painting-complete.pdf
    • http://www.gorillawalker.com/the-modern-witchcraft-spell-book-your-complete-guide-to-crafting.pdf
    • http://www.gorillawalker.com/michelin-road-map-no-753-sweden.pdf
    • http://www.gorillawalker.com/absolute-instinct-jessica-coran-novels.pdf
    • http://www.gorillawalker.com/1001-ejercicios-y-juegos-de-calentamiento-spanish-edition.pdf
    • http://www.gorillawalker.com/a-practical-guide-to-fedora-and-red-hat-enterprise-linux.pdf
    • http://www.gorillawalker.com/string-quartet-3-op-44-1-d-major-study-score.pdf
    • http://www.gorillawalker.com/the-p-c-industry-and-the-l-a-riots-the.pdf
    • http://www.gorillawalker.com/mallorca-the-rough-guide-rough-guide-travel-guides-by-lee.pdf
    • http://www.gorillawalker.com/rising-darkness-chronicles-of-the-host-3.pdf
    • http://www.gorillawalker.com/driving-the-great-western-trail-in-arizona-an-off-road.pdf
    • http://www.gorillawalker.com/heaven-and-earth-a-worship-tapestry.pdf
    • http://www.gorillawalker.com/evaluation-a-special-issue-of-the-energy-services-journal.pdf
    • http://www.gorillawalker.com/healing-with-the-angels.pdf
    • http://www.gorillawalker.com/skookum-s-laugh-medicine-indian-humor-from-the-great-sooner.pdf
    • http://www.gorillawalker.com/the-principles-of-inductive-logic-ams-chelsea-publishing.pdf
    • http://www.gorillawalker.com/trees-and-shrubs-a-gardener-s-encyclopedia.pdf
    • http://www.gorillawal
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/