Malicious PDF — malware analysis report

Static analysis result for SHA-256 4c8ddb336a2127cd…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2019-03-17 02:33:42 +03:00
Authoring application: LaTeX with hyperref package (via pdfTeX-1.40.17)
MD5: be22481b2a9016fb1309a1fde616b0bf
SHA-1: c322d28c80308f816b7a8402b50679c4f6d0f44c
SHA-256: 4c8ddb336a2127cdf6b592453629c27a03f0421c7e70c7fe2096b66333742c3d
Risk Score: 72

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

Two heuristics fired on this PDF: one for an external URI pointing to a PDF file, and one for a password-protected archive lure. This suggests the document is designed to trick the user into downloading a password-protected file, likely containing malware. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (3)

  • Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.