Malicious PDF — malware analysis report

Static analysis result for SHA-256 36bd81e51fead18c…

MALICIOUS

PDF

Size: 47.4 KB
Created: 2019-02-13 20:40:01 +03:00
Authoring application: Acrobat Elements 10.0.0 (Windows)
MD5: 0476c61189307081e8cdb77837329a2d
SHA-1: c5048c294b48c98cc63c3be66a6452e29991f0f0
SHA-256: 36bd81e51fead18cf634710257f283c34a5131e4695f304c62ed1f4fe58a09bb
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a significant number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests a tactic to manipulate search engine rankings or to distribute further malicious content. The ML classifier also flagged the document as malicious. No scripts were extracted, and the document body was heavily truncated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.