Malicious PDF — malware analysis report

Static analysis result for SHA-256 4961c349b84c9ab7…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-30 20:33:56 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.10)
MD5: d07c02c9392de687c708394074d5b3db
SHA-1: ffa9ad5f7223aa8b80da152b3cb22e19f8227b34
SHA-256: 4961c349b84c9ab71b1221eb79a00790a13ba6e2caa79828d4639fbdf4521f4a
Risk Score: 72

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF contains multiple embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. The ML classifier and the presence of visible command execution instructions indicate malicious intent. The primary attack vector appears to be social engineering, tricking the user into downloading and opening a malicious PDF.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (3)

  • Visible LOLBin command execution instruction (severity: high) SE_LOLBIN_RUN_COMMAND
    Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/drums-in-the-hills.pdf
    • http://www.gorillawalker.com/lough-allen-irish-discoverer-maps.pdf
    • http://www.gorillawalker.com/russia-joint-venture-construction-plans-for-proposed-330-000-metric.pdf
    • http://www.gorillawalker.com/evidence-based-dentistry-for-the-dental-hygienist.pdf
    • http://www.gorillawalker.com/the-stammering-handbook-a-definitive-guide-to-coping-with-a.pdf
    • http://www.gorillawalker.com/auxiliary-verbs-in-english-primary-verbs-english-in-pictures-by.pdf
    • http://www.gorillawalker.com/first-little-readers-parent-pack-guided-reading-level-b-25.pdf
    • http://www.gorillawalker.com/holt-geometry-student-edition-cd-rom-set-of-25-2004.pdf
    • http://www.gorillawalker.com/fall-family-friends-cookbook-gooseberry-patch.pdf
    • http://www.gorillawalker.com/criticism-and-the-growth-of-knowledge-proceedings-of-the-colloquium.pdf
    • http://www.gorillawalker.com/bible-easter-puzzles.pdf
    • http://www.gorillawalker.com/monogatari-bundan-jinkokki-japanese-edition.pdf
    • http://www.gorillawalker.com/glyphs-moab-writers-poets-project-regional-anthology.pdf
    • http://www.gorillawalker.com/40-day-journey-to-purity-guys.pdf
    • http://www.gorillawalker.com/townsend-harris-first-american-envoy-in-japan-primary-source-edition.pdf
    • http://www.gorillawalker.com/norwich-s-maps-of-africa-an-illustrated-and-annotated-carto.pdf
    • http://www.gorillawalker.com/sudden-selector-s-guide-to-communication-studies-resources-alcts-cmds.pdf
    • http://www.gorillawalker.com/rejoicing-all-the-bible-teaches-about-kindle-edition.pdf
    • http://www.gorillawalker.com/safety-and-health-for-engineers-industrial-health-safety.pdf
    • http://www.gorillawalker.com/handbook-of-physical-measurements-oxford-handbook-series.pdf
    • http://www.gorillawalker.com/professional-cd-rom-series-five-disk-set.pdf
    • http://www.gorillawalker.com/7-myths-about-women-and-work.pdf
    • http://www.gorillawalker.com/john-the-valiant-hesperus-classics-hungarian-edition.pdf
    • http://www.gorillawalker.com/anointed-life.pdf
    • http://www.gorillawalker.com/trillion-dollar-300-large-print-word-search-puzzles-book-2.pdf
    • http://www.gorillawalker.com/sounds-of-terror-quickreads-quickreads-series-3.pdf
    • http://www.gorillawalker.com/history-of-knowledge-past-present-and-future.pdf
    • http://www.gorillawalker.com/joe-sacco-the-library-of-graphic-novelists.pdf
    • http://www.gorillawalker.com/studia-patristica-vol-xxxv-ascetica-gnostica-liturgica-orientalia.pdf
    • http://www.gorillawalker.com/cape-cod-popout-map-pop-up-street-map-of-cape.pdf
    • http://www.gorillawalker.com/what-season-is-it-rosen-common-core-readers.pdf
    • http://www.gorillawalker.com/with-more-passion.pdf
    • http://www.gorillawalker.com/a-sense-of-order-and-other-stories.pdf
    • http://www.gorillawalker.com/the-wilde-century-oscar-wilde-effeminacy-and-the-queer-moment.pdf
    • http://www.gorillawalker.com/patient-sedation-without-medication-rapid-rapport-and-quick-hypnotic-techniques.pdf
    • http://www.gorillawalker.com/ah-segnar-invano-io-tento-no-17-from-tancredi-act.pdf
    • http://www.gorillawalker.com/learning-legal-research-a-how-to-manual.pdf
    • http://www.gorillawalker.com/boy-blue-and-his-friends.pdf
    • http://www.gorillawalker.com/legends-idunna-s-enchanted-apples-part-1-of-3-premium.pdf
    • http://www.gorillawalker.com/the-conception-of-god-a-philosophical-discussion-concerning-the-nature.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/