Malicious PDF — malware analysis report

Static analysis result for SHA-256 318393d1f16ba267…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-23 08:04:36 +03:00
Authoring application: PDF CoDe 2015.5473 (c) 2002-2015 European Commission
MD5: 2002425945c67fc5204cb1c4d6b66240
SHA-1: cf2b4a54561675152779189412e5be123fdcea5e
SHA-256: 318393d1f16ba2673a4634ce5b1f7512257a74255d98ea86f1ab67639a4ad975
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, primarily pointing to PDF files on www.gorillawalker.com. This behavior is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was unreadable, limiting the ability to determine a more specific attack pattern or family.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.