Malicious PDF — malware analysis report

Static analysis result for SHA-256 36e924c51bbbbff0…

Verdict: MALICIOUS
File type: PDF
Size: 41.5 KB
Created: 2018-12-07 18:29:55 +03:00
Authoring application: Microsoft® Word 2010 (via Acrobat Distiller 11.0 (Windows))
MD5: 52ea6e05bccd1fbe6ac2e2a3f6b06f49
SHA-1: ac1735d532214c9c04e9d48f52e14c3bda7964e4
SHA-256: 36e924c51bbbbff0bceb3082cdac59e8e138e024a83d676f08dbf371e2d19436
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or a method to distribute malicious content indirectly. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/eigenvalue-techniques-in-design-and-graph-theory-mathematical-centre-tracts.pdf
    • http://www.gorillawalker.com/theirs-is-the-kingdom-celebrating-the-gospel.pdf
    • http://www.gorillawalker.com/balearic-islands-hildebrand-trave.pdf
    • http://www.gorillawalker.com/fodor-s-las-vegas-2015-full-color-travel-guide.pdf
    • http://www.gorillawalker.com/new-international-dictionary-of-old-testament-theology-exegesis-6-0.pdf
    • http://www.gorillawalker.com/blood-work-terry-mccaleb-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/the-nordic-nymphos-the-alien-sex-chronicles-book-6.pdf
    • http://www.gorillawalker.com/problems-in-health-care-law-challenges-for-the-21st-century.pdf
    • http://www.gorillawalker.com/pocket-prague-a-highly-selective-easy-to-use-guide.pdf
    • http://www.gorillawalker.com/bitter-is-the-new-black-confessions-of-a-condescending-egomaniacal.pdf
    • http://www.gorillawalker.com/warhammer-armies-orcs-goblins.pdf
    • http://www.gorillawalker.com/asia-class-structure-and-economic-growth-india-and-pakistan-since.pdf
    • http://www.gorillawalker.com/oracle-pl-sql-programming-fundamentals-a-tutorial-by-examples.pdf
    • http://www.gorillawalker.com/modern-strategy.pdf
    • http://www.gorillawalker.com/immersion-mastery.pdf
    • http://www.gorillawalker.com/physics-of-magnetism.pdf
    • http://www.gorillawalker.com/fun-with-the-family-tennessee-4th-hundreds-of-ideas-for.pdf
    • http://www.gorillawalker.com/private-banking-in-europe-rise-retreat-and-resurgence.pdf
    • http://www.gorillawalker.com/international-symposium-on-psoriasis-skin-pharmacology.pdf
    • http://www.gorillawalker.com/aurality-listening-and-knowledge-in-nineteenth-century-colombia-sign-storage.pdf
    • http://www.gorillawalker.com/layout-for-duct-fittings-indoor-environment-technician-s-library.pdf
    • http://www.gorillawalker.com/spittin-game.pdf
    • http://www.gorillawalker.com/society-and-technological-change-print-replica-kindle-edition.pdf
    • http://www.gorillawalker.com/hailey-s-bali-diary.pdf
    • http://www.gorillawalker.com/p-s-i-hate-it-here-kids-letters-from-camp.pdf
    • http://www.gorillawalker.com/houghton-mifflin-harcourt-on-core-mathematics-student-workbook-grade-3.pdf
    • http://www.gorillawalker.com/jeb-stuart.pdf
    • http://www.gorillawalker.com/the-essentials-of-marketing-research.pdf
    • http://www.gorillawalker.com/on-linear-and-nonlinear-single-error-correcting-q-nary-perfect.pdf
    • http://www.gorillawalker.com/manual-of-the-mercentary-soldier-a-guide-to-mercenary-war.pdf
    • http://www.gorillawalker.com/mckenzie-montana-skies-v1.pdf
    • http://www.gorillawalker.com/may-earth-rise-book-four-in-the-dreamer-s-cycle.pdf
    • http://www.gorillawalker.com/eating-well-take-care-of-yourself.pdf
    • http://www.gorillawalker.com/breakfast-is-bullsh-t-how-you-will-lose-weight-and.pdf
    • http://www.gorillawalker.com/magnetic-the-art-of-attracting-business.pdf
    • http://www.gorillawalker.com/ideology-and-christianity-in-japan-routledge-leiden-series-in-modern.pdf
    • http://www.gorillawalker.com/jesus-christmas-party-the-musical.pdf
    • http://www.gorillawalker.com/roman-architecture-great-ages-of-world-architecture.pdf
    • http://www.gorillawalker.com/kilt-playwrights-canada-press.pdf
    • http://www.gorillawalker.com/heathentown.pdf
    • http://www.gorillawalker.com/new-international-dictionary-of-old-test
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/