Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c0febdc4a3c3187…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-12-15 20:06:45 +03:00
Authoring application: - (via htmldoc 1.8.27 Copyright 1997-2006 Easy Software Products, All Rights Reserved.)
MD5: 148bc1cc2d66cb63ab6c6096bf8bf2ac
SHA-1: 7322a43fe68f209dbdc263345234ffdaa2a1fdaf
SHA-256: 1c0febdc4a3c3187240d87cb306cde13c1b8eafa99b344ed11ed7262d16b981c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the domain 'gorillawalker.com'. This suggests a link farm or a distribution mechanism for other malicious content. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.