Malicious PDF — malware analysis report

Static analysis result for SHA-256 33b8108ae81c6443…

MALICIOUS

PDF

45.6 KB Created: 2018-12-07 18:29:44 +03:00 Authoring application: TopLeaf 7.6.056 (via iText 2.1.7 by 1T3XT)
MD5: b5f20a0310bd5353260e60ddad41e4ec SHA-1: b232f83d4f0bc7ef43e3c462780cc2e2d8ce8893 SHA-256: 33b8108ae81c644361128f01ce37c0c5ca418d5744c1ef2d724a8fccab4e9180
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents hosted on www.gorillawalker.com. This is indicative of a link farm or a lure to a large collection of potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/provocation-at-the-corridor-of-breakthroughs.pdf
    • http://www.gorillawalker.com/power-systems-control-technology-prentice-hall-international-series-in-systems.pdf
    • http://www.gorillawalker.com/left-for-dead-maeve-kerrigan.pdf
    • http://www.gorillawalker.com/knowledge-and-money-research-universities-and-the-paradox-of-the.pdf
    • http://www.gorillawalker.com/major-short-stories-of-d-h-lawrence-a-handbook-garland.pdf
    • http://www.gorillawalker.com/cr-neos-de-los-antiguos-peruanos-volumes-1-3-spanish.pdf
    • http://www.gorillawalker.com/ambient-conditions-and-fate-and-transport-simulations-of-dissolved-solids.pdf
    • http://www.gorillawalker.com/funny-offensive-jokes-hilarious-memes-v2-funny-jokes-puns-comedy.pdf
    • http://www.gorillawalker.com/custom-enrichment-module-the-psychology-major-s-handbook.pdf
    • http://www.gorillawalker.com/her-majesty-s-other-children-sketches-of-racism-from-a.pdf
    • http://www.gorillawalker.com/discourse-on-the-life-and-virtues-of-the-rev-demetrius.pdf
    • http://www.gorillawalker.com/i-want-my-narcissist-and-psychopath-back-i-miss-him.pdf
    • http://www.gorillawalker.com/fortune-the-art-of-covering-business.pdf
    • http://www.gorillawalker.com/cobuild-english-collat-network-lice.pdf
    • http://www.gorillawalker.com/the-midwives-book-or-the-whole-art-of-midwifry-discovered.pdf
    • http://www.gorillawalker.com/stefan-zweig-gesammelte-werke-die-ungeduld-des-herzens-schachnovelle-brennendes.pdf
    • http://www.gorillawalker.com/new-perspectives-in-lung-cancer.pdf
    • http://www.gorillawalker.com/concerto-k-622-orch-kalmus-classic-edition.pdf
    • http://www.gorillawalker.com/devon-a-z-visitor-s-map-s.pdf
    • http://www.gorillawalker.com/interventional-bronchoscopy-a-clinical-guide-respiratory-medicine.pdf
    • http://www.gorillawalker.com/crowded-by-three-pounded-hard-stretched-deep-filled-in-all.pdf
    • http://www.gorillawalker.com/the-chinese-cinema-book.pdf
    • http://www.gorillawalker.com/the-man-whisperer-speaking-your-man-s-language-to-bring.pdf
    • http://www.gorillawalker.com/rhythm-hues-2015-calendar.pdf
    • http://www.gorillawalker.com/the-art-of-dealing-poker.pdf
    • http://www.gorillawalker.com/lacrosse-technique-and-tradition.pdf
    • http://www.gorillawalker.com/an-introduction-to-capital-markets-products-strategies-participants-the-wiley.pdf
    • http://www.gorillawalker.com/charter-on-ground-water-management-e-89-ii-e-21.pdf
    • http://www.gorillawalker.com/electronics-and-optoelectronics-quantum-dot-devices-detect-ir-radiation-an.pdf
    • http://www.gorillawalker.com/greedily-yours-episode-6-wedding-belles.pdf
    • http://www.gorillawalker.com/w-b-yeats-a-life-i-the-apprentice-mage-1865.pdf
    • http://www.gorillawalker.com/proceedings-of-the-louisiana-conference-on-combinatorics-graph-theory-and.pdf
    • http://www.gorillawalker.com/geographical-information-systems-principles-techniques-management-and-applications.pdf
    • http://www.gorillawalker.com/sanchin-tristan-s-story-the-knockdown-karate-novel-series-volume.pdf
    • http://www.gorillawalker.com/flagstaff-sedona-prescott-valley-az-street-map-american-map.pdf
    • http://www.gorillawalker.com/the-bleiberg-project-consortium-thriller-hardcover.pdf
    • http://www.gorillawalker.com/belleza-negra-black-beauty-spanish-edition-clasicos-en-accion-coleccion.pdf
    • http://www.gorillawalker.com/effect-of-irradiation-on-the-storage-stability-of-whole-wheat.pdf
    • http://www.gorillawalker.com/faust-i-ii-kommentierte-ausgabe-mit-versz-hlung-und-worterkl.pdf
    • http://www.gorillawalker.com/combat-world-of-darkness-roleplaying-game.pdf
    • http://www.gorillawalker.com/major-short-stories-of-d-h-lawrence-a
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.