Malicious PDF — malware analysis report

Static analysis result for SHA-256 27e36b2b3ed4818f…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-11-30 20:30:25 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: a8b44c1d8d88a0817fe4e0cb2d2bc806
SHA-1: 4459bf89581d73dad8942577b474b6b8440c7c95
SHA-256: 27e36b2b3ed4818fa503a6cdc37b54efaa97bce405ed39f5e34408258bc66c5f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This behavior matches the PDF_SEO_LINK_FARM heuristic, suggesting the document is designed to manipulate search engine results or redirect users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8050

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.