Malicious PDF — malware analysis report

Static analysis result for SHA-256 555b5d98b2783c6b…

MALICIOUS

PDF

44.7 KB Created: 2019-02-14 08:26:41 +03:00 Authoring application: QuarkXPressª: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: ec704932b87777668f35d8227f7d4dd7 SHA-1: 96e8e07c730668dae40cbd0cb98e728cfaf1bc57 SHA-256: 555b5d98b2783c6b5f99b00827fa76202dc416623716ff44095cda56bedb6497
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document with high confidence. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO manipulation or to serve as a distribution point for further malware. The embedded URLs are the primary IOCs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-florentine-codex-a-general-history-of-the-things-of.pdf
    • http://www.gorillawalker.com/the-tarot-history-symbolism-and-divination.pdf
    • http://www.gorillawalker.com/coal-combustion-chemistry-correlation-aspects-coal-science-and-technology-six.pdf
    • http://www.gorillawalker.com/craving-silence-cowboys-and-werewolves-1-siren-publishing-menage-amour.pdf
    • http://www.gorillawalker.com/when-the-comics-went-to-war.pdf
    • http://www.gorillawalker.com/path-of-a-patriot.pdf
    • http://www.gorillawalker.com/fine-art-wedding-photography-how-to-capture-images-with-style.pdf
    • http://www.gorillawalker.com/infusion-nursing-standards-of-practice-journal-of-infusion-nursing-supplement.pdf
    • http://www.gorillawalker.com/cd-of-audio-examples-for-elements-of-music.pdf
    • http://www.gorillawalker.com/studyguide-for-process-geomorphology-by-ritter-kochel-miller-4th-fourth.pdf
    • http://www.gorillawalker.com/you-re-hired-business-basics-every-babysitter-needs-to-know.pdf
    • http://www.gorillawalker.com/intellectual-and-cultural-change-in-central-and-eastern-europe-new.pdf
    • http://www.gorillawalker.com/cadivel-a-town-by-the-rough-edges-of-the-sea.pdf
    • http://www.gorillawalker.com/apuntes-para-la-historia-eclesiastica-del-per-arzobispado-de-lima.pdf
    • http://www.gorillawalker.com/los-grandes-iniciados-spanish-edition.pdf
    • http://www.gorillawalker.com/introduction-to-clinical-psychology-7th-edition.pdf
    • http://www.gorillawalker.com/aat-personal-tax-fa2012-question-bank-l4o-paperback-common.pdf
    • http://www.gorillawalker.com/queer-america-a-people-s-glbt-history-of-the-united.pdf
    • http://www.gorillawalker.com/the-kidnapping-of-madame-storey-and-other-stories.pdf
    • http://www.gorillawalker.com/novak.pdf
    • http://www.gorillawalker.com/aviation-maintenance-ratings-supervisor.pdf
    • http://www.gorillawalker.com/level-3a-theory-book-piano-adventures.pdf
    • http://www.gorillawalker.com/die-arzte-bast-of-songbook-schlagzeug-ausgabe-german-edition.pdf
    • http://www.gorillawalker.com/vanishing-cultures-down-under.pdf
    • http://www.gorillawalker.com/the-ecology-of-a-tropical-forest-seasonal-rhythms-and-long.pdf
    • http://www.gorillawalker.com/outsourcing-the-digitization-and-encoding-of-legacy-finding-aids.pdf
    • http://www.gorillawalker.com/6-pillars-for-the-believer-volume-6-six-pillars-for.pdf
    • http://www.gorillawalker.com/diagnosis-of-ill-health-in-trees.pdf
    • http://www.gorillawalker.com/bartolome-de-las-casas-en-el-peru-el-espiritu-lascasiano.pdf
    • http://www.gorillawalker.com/fema-310-seismic-evaluation-of-buildings-boise-district-office-building.pdf
    • http://www.gorillawalker.com/mysteries-books-for-children-the-clue-finder-club-the-case.pdf
    • http://www.gorillawalker.com/amish-sunrise-blessings-christmas-boxed-set-kindle-edition.pdf
    • http://www.gorillawalker.com/the-new-cultures-of-food-food-and-agricultural-marketing.pdf
    • http://www.gorillawalker.com/automobile-heating-and-cooling-s-p-society-of-automotive-engineers.pdf
    • http://www.gorillawalker.com/operatic-vocal-score-bellini-s-norma-lyric-tragedy-in-two.pdf
    • http://www.gorillawalker.com/be-the-chief-executive-of-your-executive-functions-the-entreprenuerial.pdf
    • http://www.gorillawalker.com/bristol-football-club-rfu-1888-1945-archive-photographs-images-of.pdf
    • http://www.gorillawalker.com/journey-into-barbary-travels-across-morocco-by-lewis-wyndham-2013.pdf
    • http://www.gorillawalker.com/sheet-music-wir-geniessen-die-himmlischen-freuden-in-the-pleasures.pdf
    • http://www.gorillawalker.com/surviving-academia-a-guide-to-new-professors.pdf
    • http://www.gorillawalker.com/pat
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.