Malicious PDF — malware analysis report

Static analysis result for SHA-256 3646da99d13ac2f6…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2018-11-23 21:00:58 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: 10264cd1aabae3798f6ead7b5fa78519
SHA-1: 4bc0421ddfbc769ee065ef47748931f3f4abf882
SHA-256: 3646da99d13ac2f691d8a211ac115e1deed9feb15e6a9f9ead3e752849c9c1c1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to external PDF documents on the domain 'gorillawalker.com'. This is indicative of a link farm, a common technique used to manipulate search engine rankings or to distribute a large volume of potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/cooking-with-greek-yogurt-healthy-recipes-for-buffalo-blue-cheese.pdf
    • http://www.gorillawalker.com/colorado-month-to-month-gardening-2nd-edition.pdf
    • http://www.gorillawalker.com/the-field-of-blackbirds-a-jeff-bradley-thriller-kindle-edition.pdf
    • http://www.gorillawalker.com/the-road-to-kuala-lumpur.pdf
    • http://www.gorillawalker.com/linux-tcp-ip-network-administration.pdf
    • http://www.gorillawalker.com/stenciling-the-arts-crafts-home.pdf
    • http://www.gorillawalker.com/all-the-missing-souls-a-personal-history-of-the-war.pdf
    • http://www.gorillawalker.com/the-ables-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/serenade-valse-piano-after-2nd-waltz-from-jazz-suite-second.pdf
    • http://www.gorillawalker.com/life-by-the-numbers.pdf
    • http://www.gorillawalker.com/pleasing-professor-petersen-volume-1.pdf
    • http://www.gorillawalker.com/revision-revisited-research-in-the-teaching-of-rhetoric-composition.pdf
    • http://www.gorillawalker.com/clicking-17-trends-that-drive-your-business-and-your-life.pdf
    • http://www.gorillawalker.com/wild-bill-the-legend-and-life-of-william-o-douglas.pdf
    • http://www.gorillawalker.com/lettres-d-amour-en-somalie-french-edition.pdf
    • http://www.gorillawalker.com/medicina-legal-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/beth-the-baby-boat-discovers-treasure-a-children-s-picture.pdf
    • http://www.gorillawalker.com/i-have-lived-a-thousand-years-growing-up-in-the.pdf
    • http://www.gorillawalker.com/call-it-courage-teacher-guide.pdf
    • http://www.gorillawalker.com/an-antitrust-lawyer-six-decades-at-mccutchen-doyle-brown-enersen.pdf
    • http://www.gorillawalker.com/mastering-ansible.pdf
    • http://www.gorillawalker.com/the-zimbabwe-culture-ruins-and-reactions.pdf
    • http://www.gorillawalker.com/two-years-before-the-mast-volume-1-of-3-easyread.pdf
    • http://www.gorillawalker.com/trench-fighting-of-world-war-i.pdf
    • http://www.gorillawalker.com/medex-an-extension-of-the-physician-alternate-plan-paper-mankato.pdf
    • http://www.gorillawalker.com/variety-international-film-guide-2006-the-definitive-annual-review-of.pdf
    • http://www.gorillawalker.com/globalization-and-media-global-village-of-babel.pdf
    • http://www.gorillawalker.com/okanagan-slow-road.pdf
    • http://www.gorillawalker.com/rheology-of-the-earth-deformation-and-flow-processes-in-geophysics.pdf
    • http://www.gorillawalker.com/what-do-jehovah-s-witnesses-believe-answers-christians-need-to.pdf
    • http://www.gorillawalker.com/good-housekeeping-special-diet-cookbook-originally-published-as-good-housekeeping.pdf
    • http://www.gorillawalker.com/showtime-hymns-level-2a.pdf
    • http://www.gorillawalker.com/on-thinking-the-human.pdf
    • http://www.gorillawalker.com/my-bread-the-revolutionary-no-work-no-knead-method.pdf
    • http://www.gorillawalker.com/our-a-cappella-a-cappella-series-book-2-volume-2.pdf
    • http://www.gorillawalker.com/lessons-learned-lessons-learned-kindle-edition.pdf
    • http://www.gorillawalker.com/la-casa-de-riverton-spanish-edition.pdf
    • http://www.gorillawalker.com/the-crb-commodity-yearbook-2002.pdf
    • http://www.gorillawalker.com/on-time-new-contributions-to-the-husserlian-phenomenology-of-time.pdf
    • http://www.gorillawalker.com/void-s-enigmatic-mansion-chapter-7-void-s-enigmatic-mansion.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/