Malicious PDF — malware analysis report

Static analysis result for SHA-256 1ae2a4739095a586…

MALICIOUS

PDF

33.0 KB
Created: 2019-12-13 19:47:43 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: 44d37efb8a93ea09ca59807986dcd466
SHA-1: 52fcd75165c95257b0f1b4d3d990f6ae3cbdca00
SHA-256: 1ae2a4739095a586c0d7f72f36f7aecad2781bf5d7ebeb2e4c412afbbc3addbf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF sample contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from the gorillawalker.com domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8313

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.