Malicious PDF — malware analysis report

Static analysis result for SHA-256 81c4431cc5b95d99…

MALICIOUS

PDF

Size: 46.4 KB
Created: 2018-11-26 20:03:21 +03:00
Authoring application: BookVirtual Digital Works (via BookVirtual Corp. Patents Pending.)
MD5: 01ac9b4c22752542c794aa4a4c8bf36c
SHA-1: ffe462f3b7e45ed4ad6302648ce4c9c94bb9f5f1
SHA-256: 81c4431cc5b95d99fe4ab1e4622e5a1ff4f32a4172526d8d1e2ab00577369271
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8026

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.