Malicious PDF — malware analysis report

Static analysis result for SHA-256 2877760f30dab47e…

MALICIOUS

PDF

44.4 KB Created: 2018-12-15 20:01:00 +03:00 Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: 046a102b28a1948ce0a9488dcf250138 SHA-1: 6a11e8980529e95b4ccce8f1c857b6f0e5822c42 SHA-256: 2877760f30dab47e8b620e37ad25c7746bdeccf0550b9369f46c5f1cbe86c1c4
72 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF contains multiple embedded URLs pointing to other PDF documents, suggesting a lure to download further content. The heuristic 'SE_REMOTE_SUPPORT_LURE' indicates the document's content likely instructs the user to engage with remote support tools, a common social engineering tactic. The ML classifier also flagged the PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 3

  • Remote-support tool lure high SE_REMOTE_SUPPORT_LURE
    Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/financial-accounting-2nd-edition.pdf
    • http://www.gorillawalker.com/essays-in-rationalism.pdf
    • http://www.gorillawalker.com/the-plenitude-creativity-innovation-and-making-stuff-simplicity-design-technology.pdf
    • http://www.gorillawalker.com/master-the-police-officer-exam.pdf
    • http://www.gorillawalker.com/untitled-digital.pdf
    • http://www.gorillawalker.com/peach-fuzz-volume-3.pdf
    • http://www.gorillawalker.com/my-weirder-school-10-mr-jack-is-a-maniac.pdf
    • http://www.gorillawalker.com/applied-geophysics-in-the-search-for-minerals.pdf
    • http://www.gorillawalker.com/structural-analysis-of-laminated-anisotropic-plates.pdf
    • http://www.gorillawalker.com/the-power-of-icons-russian-and-greek-icons-15th-19th.pdf
    • http://www.gorillawalker.com/wigglesbottom-primary-the-shark-in-the-pool.pdf
    • http://www.gorillawalker.com/contratos-mercantiles-biblioteca-jur.pdf
    • http://www.gorillawalker.com/the-sin-eater-s-daughter-audio.pdf
    • http://www.gorillawalker.com/slick-the-silver-series-book-2.pdf
    • http://www.gorillawalker.com/grammar-in-context-3-student.pdf
    • http://www.gorillawalker.com/lonely-planet-rhodes-dodecanese.pdf
    • http://www.gorillawalker.com/miffy-s-happy-new-year.pdf
    • http://www.gorillawalker.com/collaborations-in-architecture-and-engineering.pdf
    • http://www.gorillawalker.com/a-girl-who-would-be-queen-the-story-and-the.pdf
    • http://www.gorillawalker.com/qualitative-research-in-nursing-advancing-the-humanistic-imperative-5th-fifth.pdf
    • http://www.gorillawalker.com/remember-the-bridge-poems-of-a-people.pdf
    • http://www.gorillawalker.com/violin-concerto-no-2-op-44-orchestra-score-parts-clarinet.pdf
    • http://www.gorillawalker.com/not-again-my-love-nebraska-holds-book-2-kindle-edition.pdf
    • http://www.gorillawalker.com/bicycling-home-my-journey-to-find-god.pdf
    • http://www.gorillawalker.com/how-to-master-the-ielts-over-400-questions-for-all.pdf
    • http://www.gorillawalker.com/open-source-mobile-learning-mobile-linux-applications.pdf
    • http://www.gorillawalker.com/jews-christians-muslims-a-comparative-introduction-to-monotheistic-religions-2nd.pdf
    • http://www.gorillawalker.com/mrcp-1-best-of-five-pocket-book-3-clinical-pharmacology.pdf
    • http://www.gorillawalker.com/essays-upon-heredity-and-kindred-biological-problems.pdf
    • http://www.gorillawalker.com/amsco-s-ap-literature-and-composition-preparing-for-the-advanced.pdf
    • http://www.gorillawalker.com/language-proof-and-logic.pdf
    • http://www.gorillawalker.com/aerie-the-dragon-jousters-book-4.pdf
    • http://www.gorillawalker.com/the-acts-of-the-council-of-chalcedon-liverpool-university-press.pdf
    • http://www.gorillawalker.com/the-liminal-people-a-novel.pdf
    • http://www.gorillawalker.com/dragon-ball-z-volume-10-dragon-ball-z-viz-paperback.pdf
    • http://www.gorillawalker.com/text-him-back-flirtexting-made-easy-how-to-text-the.pdf
    • http://www.gorillawalker.com/a-description-of-above-three-hundred-animals-viz-beasts-birds.pdf
    • http://www.gorillawalker.com/nuclear-chemistry-at-rensselaer-polytechnic-institute-rensselaer-polytechnic-institute-bulletin.pdf
    • http://www.gorillawalker.com/respiratory-medicine-an-illustrated-colour-text-1e.pdf
    • http://www.gorillawalker.com/12-violin-sonatas-op-5-selections-sarabanda-giga-e-badinerie.pdf
    • http://www.gorillawal
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.