Malicious PDF — malware analysis report

Static analysis result for SHA-256 79865a7c6878e850…

MALICIOUS

PDF

Size: 44.2 KB
Created: 2019-04-10 14:11:27 +03:00
Authoring application: Word 10.0 (via AFPL Ghostscript 8.13)
MD5: aa7ff2edafe90c00e4f63f58d10487a5
SHA-1: 6b5506456cdff238f8f9c1948abf41faa14e2fab
SHA-256: 79865a7c6878e8509ffb00bdfadb18954333eebb2965b731f62444fdacbb1fca
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8824

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.