Malicious PDF — malware analysis report

Static analysis result for SHA-256 4656bd76acc1a536…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-23 21:09:22 +03:00
Authoring application: doPDF Ver 7.1 Build 349 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: d940e4f090e10be2a38ae9ee6a2f328e
SHA-1: 1356d8b198da032e9b47ca9f6144679b3b4d6cf0
SHA-256: 4656bd76acc1a536e3e67a890f780626220ed217a72f2d0c879df4c38d7e3396
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. The embedded URLs point to a domain that appears to be used for hosting numerous PDF files, suggesting a link farm or SEO manipulation tactic. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF that contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.