Malicious PDF — malware analysis report

Static analysis result for SHA-256 febddd1268044879…

MALICIOUS

PDF

  • Size: 43.9 KB
  • Created: 2018-12-07 18:29:20 +03:00
  • Authoring application: AH Formatter V5.3 MR1 for Windows (via Acrobat Distiller 8.1.0 (Windows))
  • MD5: 50f97c5be8c4925cd24b8ac8cad13f43
  • SHA-1: a9f6dfcc0dc167d1a8699f04e110cf8f70cab390
  • SHA-256: febddd1268044879ccb405ee55a17dbf8f0ec3194963d61d3331f066a212fa02
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body appears to be heavily obfuscated or corrupted, preventing a clear understanding of its direct user-facing content. However, the sheer volume of outbound links suggests a link farm or SEO manipulation tactic, potentially serving as a distribution point for further malicious content or phishing attempts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8224

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.