Malicious PDF — malware analysis report

Static analysis result for SHA-256 54e93db891d3f2ea…

MALICIOUS

PDF

Size: 41.1 KB
Created: 2018-12-14 10:24:02 +03:00
Authoring application: UnknownApplication (via XEP 4.4 build 20050610)
MD5: beb13616b8b454501bb3a8e436fcb9da
SHA-1: 68bdb25e5b5ed439030d3dbd2798f172f7ebd327
SHA-256: 54e93db891d3f2eadb531bdb6c9588b0b2e3d1002a983e7e6bee791a1b8d53f1
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and appears to contain the URLs, suggesting a link farm or SEO poisoning tactic to drive traffic to potentially malicious content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.