Malicious PDF — malware analysis report

Static analysis result for SHA-256 4aa123b453f4b314…

MALICIOUS

PDF

43.3 KB Created: 2018-12-15 20:07:17 +03:00 Authoring application: - (via Xerox Fiery DC250 2.0[EFI Cyclone])
MD5: c494c95e4d86e846b3375f9cb67cfa57 SHA-1: f65443b361339ee447c2c040d2933e4df29e2b77 SHA-256: 4aa123b453f4b3147d73598617caf7373a17669e893cf5881fa72794575922bc
72 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF contains a heuristic firing for a remote support tool lure, indicating it's designed to trick users into installing potentially malicious software. The document body is heavily obfuscated, but the presence of external URIs and the ML classifier's high confidence score suggest malicious intent. The primary IOC is the external URI found within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 3

  • Remote-support tool lure high SE_REMOTE_SUPPORT_LURE
    Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/analyzing-social-networks.pdf
    • http://www.gorillawalker.com/canciones-en-mi-corazon-poemas-e-ilustraciones-de-matthew-joseph.pdf
    • http://www.gorillawalker.com/the-anzac-horsemen.pdf
    • http://www.gorillawalker.com/cuaderno-de-practica-harcourt-ciencias-spanish-edition.pdf
    • http://www.gorillawalker.com/taverna-the-best-of-casual-mediterranean-cooking-1996-publication.pdf
    • http://www.gorillawalker.com/poppleton-forever.pdf
    • http://www.gorillawalker.com/wandering-in-many-worlds-an-autobiography.pdf
    • http://www.gorillawalker.com/spot-the-bird.pdf
    • http://www.gorillawalker.com/max-habla-sobre-la-vida-spanish-edition.pdf
    • http://www.gorillawalker.com/the-best-american-sports-writing-2013.pdf
    • http://www.gorillawalker.com/what-top-talented-people-think-kindle-edition.pdf
    • http://www.gorillawalker.com/the-miracle-of-lourdes-a-message-of-healing-and-hope.pdf
    • http://www.gorillawalker.com/trains-the-history-of-railroads-wheels.pdf
    • http://www.gorillawalker.com/intelligent-control-developments-in-public-order-policing-in-canada.pdf
    • http://www.gorillawalker.com/diary-of-a-minecraft-creeper-book-2-an-unofficial-minecraft.pdf
    • http://www.gorillawalker.com/pictorial-archive-of-decorative-frames-and-labels-550-copyright-free.pdf
    • http://www.gorillawalker.com/trusts-and-estates-concepts-and-insights.pdf
    • http://www.gorillawalker.com/at-the-altar-of-the-world-the-pontificate-of-john.pdf
    • http://www.gorillawalker.com/fd-mexico-city-1987.pdf
    • http://www.gorillawalker.com/comment-r-diger-un-cv-efficace-les-conseils-pour-booster.pdf
    • http://www.gorillawalker.com/imagine-you-thin-you-can-do-it-all-from-within.pdf
    • http://www.gorillawalker.com/icd-10-cm-pcs-coding-theory-and-practice-2016-edition.pdf
    • http://www.gorillawalker.com/mines-of-the-gwydyr-forest-the-hafna-mine-llanrwst-and.pdf
    • http://www.gorillawalker.com/dr-murkes-gesammeltes-schweigen-fiction-poetry-and-drama-fiction-poetry.pdf
    • http://www.gorillawalker.com/hand-book-your-life-is-in-your-hands-real-palmistry.pdf
    • http://www.gorillawalker.com/writing-erotic-fiction-and-getting-published-teach-yourself-mcgraw-hill.pdf
    • http://www.gorillawalker.com/system-forensics-investigation-and-response-information-systems-security-assurance.pdf
    • http://www.gorillawalker.com/tennis-talk-psych-yourself-to-win-affirmations-for-mental-fitness.pdf
    • http://www.gorillawalker.com/let-s-visit-libya.pdf
    • http://www.gorillawalker.com/renegade-lady-renegade-sons-mc-volume-1.pdf
    • http://www.gorillawalker.com/amici-a-text-for-begginers-in-italian-italian-edition.pdf
    • http://www.gorillawalker.com/sugar-free-on-the-go-recipes-and-sugar-free-vitamix.pdf
    • http://www.gorillawalker.com/dire-str8ts-the-gr8-new-number-logic-puzzle.pdf
    • http://www.gorillawalker.com/shadows-at-the-spring-show-an-antique-print-mystery-antique.pdf
    • http://www.gorillawalker.com/hell-gate.pdf
    • http://www.gorillawalker.com/h-m-s-pinafore-act-i-song-when-i-was.pdf
    • http://www.gorillawalker.com/rosie-rabbit-s-colors.pdf
    • http://www.gorillawalker.com/the-seth-material-a-bantam-book.pdf
    • http://www.gorillawalker.com/ccna-exam-prep-exam-640-802-2nd-edition.pdf
    • http://www.gorillawalker.com/routledge-library-editions-epistemology-the-logic-of-personal-knowledge-essays.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.