Malicious PDF — malware analysis report

Static analysis result for SHA-256 29227f21da6a5f45…

MALICIOUS

PDF

43.6 KB Created: 2019-01-06 08:02:17 +03:00 Authoring application: Microsoft Word 8.0 (via Acrobat Distiller 4.0 for Windows)
MD5: a6e1f9e4770fa03335c6573ece6340e8 SHA-1: f9cc2102a333f0796317c15024ffd6c34e7d745d SHA-256: 29227f21da6a5f4520865540b7244466ee3c5066784975fa47567b2e86af1ff4
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to potentially malicious content hosted on the gorillawalker.com domain. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/holman-old-testament-commentary-1st-2nd-chronicles.pdf
    • http://www.gorillawalker.com/macroeconomic-theory-economic-theory-econometrics-and-mathematical-economics-series.pdf
    • http://www.gorillawalker.com/1998-worldwide-refining-and-gas-processing-directory-54th-ed.pdf
    • http://www.gorillawalker.com/code-of-federal-regulations-title-37-patents-trademarks-and-copyrights.pdf
    • http://www.gorillawalker.com/forces-and-motion-start-science.pdf
    • http://www.gorillawalker.com/china-hydropower-engineering-consulting-group-northwest-survey-and-design-institute.pdf
    • http://www.gorillawalker.com/intelligent-mechatronic-systems-modeling-control-and-diagnosis.pdf
    • http://www.gorillawalker.com/101-best-businesses-to-start-the-essential-sourcebook-of-success.pdf
    • http://www.gorillawalker.com/finest-years-churchill-as-warlord-1940-45-by-max-hastings.pdf
    • http://www.gorillawalker.com/theoretical-models-and-processes-of-reading.pdf
    • http://www.gorillawalker.com/a-manual-for-the-use-of-the-general-court-volume.pdf
    • http://www.gorillawalker.com/madera-de-sandalo-coleccion-espejo-de-paciencia-spanish-edition.pdf
    • http://www.gorillawalker.com/classroom-management-that-works-research-based-strategies-for-every-teacher.pdf
    • http://www.gorillawalker.com/the-black-rhinos-of-namibia-searching-for-survivors-in-the.pdf
    • http://www.gorillawalker.com/galileo-s-alien-gangbang-gay-sci-fi-tentacle-erotica.pdf
    • http://www.gorillawalker.com/the-apostolical-acts-and-epistles-from-the-peschito-or-ancient.pdf
    • http://www.gorillawalker.com/the-simplest-game-the-intelligent-fan-s-guide-to-the.pdf
    • http://www.gorillawalker.com/design-for-manufacturing-a-structured-approach.pdf
    • http://www.gorillawalker.com/when-the-woman-come-out-to-dance-stories.pdf
    • http://www.gorillawalker.com/the-twilight-saga-complete-collection-kindle-edition.pdf
    • http://www.gorillawalker.com/decision-making-and-action.pdf
    • http://www.gorillawalker.com/the-good-living-guide-to-medicinal-tea-50-ways-to.pdf
    • http://www.gorillawalker.com/poems-and-prose-from-the-vietnam-war-and-then-from.pdf
    • http://www.gorillawalker.com/jobs-around-my-neighborhood-oficios-en-mi-vecindario-english-and.pdf
    • http://www.gorillawalker.com/gullah-images-the-art-of-jonathan-green.pdf
    • http://www.gorillawalker.com/the-merchant-of-dreams-night-s-masque-volume-2.pdf
    • http://www.gorillawalker.com/brazil-modern-the-rediscovery-of-twentieth-century-brazilian-furniture.pdf
    • http://www.gorillawalker.com/the-shadow-soul-a-dance-of-dragons-book-1-kindle.pdf
    • http://www.gorillawalker.com/the-banjo-player-fritz-kaylor-early-intermediate-level.pdf
    • http://www.gorillawalker.com/the-christmas-cobwebs-usborne-first-reading-digital.pdf
    • http://www.gorillawalker.com/the-art-of-skating-its-history-and-development-with-practical.pdf
    • http://www.gorillawalker.com/wanderlust-collection-1-episodes-01-03.pdf
    • http://www.gorillawalker.com/mystic-geometer-and-intuitionist-the-life-of-l-e-j.pdf
    • http://www.gorillawalker.com/the-workbook-on-the-beatitudes.pdf
    • http://www.gorillawalker.com/afro-latin-saxophone-duets.pdf
    • http://www.gorillawalker.com/basix-harmonica-method-bk-cd.pdf
    • http://www.gorillawalker.com/charged-book-one.pdf
    • http://www.gorillawalker.com/early-history-of-nuclear-medicine-oral-history-transcript-1982-facsimile.pdf
    • http://www.gorillawalker.com/boudoir-monologues-erotic-vignettes-for-the-sexes-volume-1.pdf
    • http://www.gorillawalker.com/mush-the-sled-dogs-of-the-iditarod-by-funk-joe.pdf
    • http://www.gorillawalker.com/forces-and-motion-star
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.