Malicious PDF — malware analysis report

Static analysis result for SHA-256 306e9f60b5675ece…

MALICIOUS

PDF

Size: 41.4 KB
Created: 2019-02-14 08:24:18 +03:00
Authoring application: XSL Formatter V4.3 MR8 for Windows (via Acrobat Distiller 7.0.5 (Windows))
MD5: 77f5f00e860c1f6644b875d9d730d8d9
SHA-1: eae4853c51ad560e2b6be438b25a0df3c1d2cfa4
SHA-256: 306e9f60b5675ece0c429a452a2d46b84cfbe304e278853cbaedc5ab32293c22
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on gorillawalker.com. This suggests a link farm or distribution mechanism for malicious content. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/splendid-spring-coloring-book-volume-2-art-filled-fun-coloring.pdf
    • http://www.gorillawalker.com/celtic-woodcraft-authentic-projects-for-woodworkers.pdf
    • http://www.gorillawalker.com/baby-dance-harper-growing-tree.pdf
    • http://www.gorillawalker.com/beyond-horse-massage-a-breakthrough-interactive-method-for-alleviating-soreness.pdf
    • http://www.gorillawalker.com/the-butterfly-girl-into-the-land-of-heart-butterflies.pdf
    • http://www.gorillawalker.com/when-you-suffer-biblical-keys-to-unlock-the-mystery.pdf
    • http://www.gorillawalker.com/when-the-game-stands-tall-52-devotions-for-the-heart.pdf
    • http://www.gorillawalker.com/fractography-observing-measuring-and-interpreting-fracture-surface-topography.pdf
    • http://www.gorillawalker.com/ergonomic-and-safety-climate-evaluation-at-a-brewery-colorado-health.pdf
    • http://www.gorillawalker.com/cmos-analog-circuit-design-the-oxford-series-in-electrical-and.pdf
    • http://www.gorillawalker.com/little-known-facts-about-country-music.pdf
    • http://www.gorillawalker.com/freeform-crochet-with-confidence-develop-your-own-style-with-30.pdf
    • http://www.gorillawalker.com/52-ways-to-be-more-organized.pdf
    • http://www.gorillawalker.com/early-years-educator-cache-child-care-and-education.pdf
    • http://www.gorillawalker.com/woodwind-ensemble-sheet-music-collection-part-1.pdf
    • http://www.gorillawalker.com/hypnosis.pdf
    • http://www.gorillawalker.com/the-druze-culture-history-prospects.pdf
    • http://www.gorillawalker.com/antenna-theory-analysis-and-design-kindle-edition.pdf
    • http://www.gorillawalker.com/reflections-calendar-2015-wall-calendars-sunset-calendar-photo-calendar-monthly.pdf
    • http://www.gorillawalker.com/my-sister-s-picture.pdf
    • http://www.gorillawalker.com/tabish-khair-critical-perspectives.pdf
    • http://www.gorillawalker.com/initiation-bonfire-chronicles-prequel-1-kindle-edition.pdf
    • http://www.gorillawalker.com/safe-at-home.pdf
    • http://www.gorillawalker.com/the-works-of-thomas-chalmers-complete-in-one-volume.pdf
    • http://www.gorillawalker.com/bodily-harm-the-breakthrough-treatment-program-for-self-injurers.pdf
    • http://www.gorillawalker.com/national-faculty-directory.pdf
    • http://www.gorillawalker.com/jane-austen-a-family-record.pdf
    • http://www.gorillawalker.com/appraiser-passbooks-career-examination-series-c-15.pdf
    • http://www.gorillawalker.com/beyond-the-hype-illusion-and-reality-in-real-estate-sales.pdf
    • http://www.gorillawalker.com/pharmaceutical-biotechnology.pdf
    • http://www.gorillawalker.com/stability-of-dynamical-systems-volume-5-monograph-series-on-nonlinear.pdf
    • http://www.gorillawalker.com/statistics-and-experimental-design-for-toxicologists-third-edition.pdf
    • http://www.gorillawalker.com/dark-prisms-occultism-in-hispanic-drama-studies-in-romance-languages.pdf
    • http://www.gorillawalker.com/the-history-of-the-decline-and-fall-of-the-roman.pdf
    • http://www.gorillawalker.com/boy.pdf
    • http://www.gorillawalker.com/think-again-contrarian-reflections-on-life-culture-politics-religion-law.pdf
    • http://www.gorillawalker.com/yellow-dog-robert-crumb-origin-of-comix-volume-1.pdf
    • http://www.gorillawalker.com/high-pressure-liquid-chromatography-webster-s-timeline-history-1972-2007.pdf
    • http://www.gorillawalker.com/riven-the-arinthian-line-book-2-kindle-edition.pdf
    • http://www.gorillawalker.com/antonio-narino-precursor-de-la-modernidad-spanish-edition.pdf
    • http://www.gorillawalker.com/when-the-game-stands-tall-52-devotions-for-the-heart.pd
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/