Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c8636939024fcd8…

MALICIOUS

PDF

44.2 KB Created: 2018-12-02 10:55:35 +03:00 Authoring application: LaTeX with hyperref package (via dvips + ps2pdf)
MD5: f62147ca03f2b919931a924651020f3c SHA-1: 23e46dc9140692c69aa43bcd32c363511be17104 SHA-256: 1c8636939024fcd824a26027268b265d0f2c20bcdff883ad3b44af154a2ff222
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files on the gorillawalker.com domain. This suggests a link farm or content distribution strategy. The ML classifier also flagged the PDF as malicious with high confidence. No scripts were extracted, and the document body was heavily obfuscated, preventing a more detailed analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/sas-survival-handbook-third-edition-the-ultimate-guide-to-surviving.pdf
    • http://www.gorillawalker.com/arcimboldo.pdf
    • http://www.gorillawalker.com/elton-john-the-diving-board-pvg-kindle-edition.pdf
    • http://www.gorillawalker.com/spoonbread-and-strawberry-wine.pdf
    • http://www.gorillawalker.com/developmental-optometry-introduction-to-behavioral-optometry.pdf
    • http://www.gorillawalker.com/painting-acrylic-flowers-a-to-z.pdf
    • http://www.gorillawalker.com/master-the-ama-guides-5th-a-medical-and-legal-transition.pdf
    • http://www.gorillawalker.com/bal-champ-tre-quadrille-op-303-tuba-part-qty-4.pdf
    • http://www.gorillawalker.com/from-fat-boy-to-fit-man-a-one-step-at.pdf
    • http://www.gorillawalker.com/modern-written-arabic-a-comprehensive-grammar-routledge-comprehensive-grammars-digital.pdf
    • http://www.gorillawalker.com/introduction-to-law-6th-edition.pdf
    • http://www.gorillawalker.com/humbug-signed-limited-slipcased-edition.pdf
    • http://www.gorillawalker.com/getting-what-you-came-for-the-smart-student-s-guide.pdf
    • http://www.gorillawalker.com/jelly-beans-for-sale.pdf
    • http://www.gorillawalker.com/topics-in-mathematical-modeling.pdf
    • http://www.gorillawalker.com/rosen-aus-dem-s-den-roses-from-the-south-walzer.pdf
    • http://www.gorillawalker.com/killer-mission-book-one-in-the-killer-mystery-trilogy-hardy.pdf
    • http://www.gorillawalker.com/dutch-and-gina-after-the-fall-volume-4.pdf
    • http://www.gorillawalker.com/texas-ghost-stories-fifty-favorites-for-the-telling.pdf
    • http://www.gorillawalker.com/north-york-moors-guide.pdf
    • http://www.gorillawalker.com/business-diagnostics-2nd-edition.pdf
    • http://www.gorillawalker.com/human-rights-and-the-negotiation-of-american-power-pennsylvania-studies.pdf
    • http://www.gorillawalker.com/santa-tizing-what-s-wrong-with-christmas-and-how-to.pdf
    • http://www.gorillawalker.com/the-atlas-of-eastern-front-battles.pdf
    • http://www.gorillawalker.com/three-dimensional-structure-of-wood-a-scanning-electron-microscope-study.pdf
    • http://www.gorillawalker.com/laconia-handlebars-and-memories.pdf
    • http://www.gorillawalker.com/oracle-fusion-developer-guide-building-rich-internet-applications-with-oracle.pdf
    • http://www.gorillawalker.com/the-illustrated-to-think-like-god-pythagoras-and-parmenides-the.pdf
    • http://www.gorillawalker.com/1997-1998-pears-cyclopaedia-106th-edition.pdf
    • http://www.gorillawalker.com/chinese-landscape-painting-as-western-art-history.pdf
    • http://www.gorillawalker.com/higher-geometry-an-introduction-to-advanced-methods-in-analytic-geometry.pdf
    • http://www.gorillawalker.com/the-alpha-beta-story.pdf
    • http://www.gorillawalker.com/via-della-grammatica-libro-italian-edition.pdf
    • http://www.gorillawalker.com/carlo-mollino.pdf
    • http://www.gorillawalker.com/baby-fingers-hello-goodbye-teaching-your-baby-to-sign.pdf
    • http://www.gorillawalker.com/the-moral-obligation-to-be-intelligent-selected-essays.pdf
    • http://www.gorillawalker.com/the-spirit-calling-resting-in-the-quiet-of-the-still.pdf
    • http://www.gorillawalker.com/christian-and-lyric-tradition-in-victorian-women-s-poetry-routledge.pdf
    • http://www.gorillawalker.com/venetian-reckoning.pdf
    • http://www.gorillawalker.com/el-principio-del-fin-the-beginning-of-the-end-apocalipsis.pdf
    • http://www.gorillawalker.com/master-the-ama-guides-5th-a-medical-and-legal-transi
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.