Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e6bb71f823a8157…

Verdict: MALICIOUS

File type: PDF

Size: 43.2 KB
Created: 2018-11-14 08:18:56 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: 5b75df38dc99088a017d484703e1302c
SHA-1: fd20da049bdca369b5746a0cfc04d7b182c74e74
SHA-256: 8e6bb71f823a8157bb76dd874c7acfb41da1e2be749f79509c069ac4f0f5ad6b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file exhibits a critical heuristic firing for a link farm, containing 32 external links to other PDF documents hosted on www.gorillawalker.com. This suggests a likely SEO manipulation or content distribution tactic. While no scripts were extracted, the sheer volume of links points towards a malicious intent to direct users to potentially harmful content. The ML classifier also flagged this PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/quicken-for-contractors.pdf
    • http://www.gorillawalker.com/barrons-how-to-prepare-for-the-asvab-armed-services-vocational.pdf
    • http://www.gorillawalker.com/in-here-out-there-ind-her-ud-der-children-s.pdf
    • http://www.gorillawalker.com/the-execution-of-mayor-yin-and-other-stories-from-the.pdf
    • http://www.gorillawalker.com/the-america-s-test-kitchen-family-baking-book-the-only.pdf
    • http://www.gorillawalker.com/second-concerto-for-orchestra-study-score-by-steven-stucky-2006.pdf
    • http://www.gorillawalker.com/license-plate-game-book.pdf
    • http://www.gorillawalker.com/the-art-of-syrian-cookery-a-culinary-trip-to-the.pdf
    • http://www.gorillawalker.com/combustion-engines-development-mixture-formation-combustion-emissions-and-simulation.pdf
    • http://www.gorillawalker.com/working-in-care-settings-common-induction-standards.pdf
    • http://www.gorillawalker.com/c-leste-maisler-la-l-gende-episode-4-french-edition.pdf
    • http://www.gorillawalker.com/100-acts-of-minor-dissent.pdf
    • http://www.gorillawalker.com/calculus-of-variations-ii-grundlehren-der-mathematischen-wissenschaften-v-2.pdf
    • http://www.gorillawalker.com/el-maravilloso-mago-de-oz.pdf
    • http://www.gorillawalker.com/the-triangle-histories-of-the-civil-war-leaders-john-brown.pdf
    • http://www.gorillawalker.com/rick-steves-italy-map-including-rome-florence-venice-and-siena.pdf
    • http://www.gorillawalker.com/ali-baba-and-the-forty-thieves-young-reading-series-1.pdf
    • http://www.gorillawalker.com/anatomy-of-a-boyfriend.pdf
    • http://www.gorillawalker.com/the-energy-of-life-the-ringing-cedars-book-7.pdf
    • http://www.gorillawalker.com/turkey-hunting-digest.pdf
    • http://www.gorillawalker.com/city-guilds-7100-diploma-in-professional-cookery-level-2-candidate.pdf
    • http://www.gorillawalker.com/first-grade-civil-engineering-construction-management-engineer-exam-measures-400.pdf
    • http://www.gorillawalker.com/island-of-the-cavemen-the-mating-ritual-huge-size-monster.pdf
    • http://www.gorillawalker.com/string-quartet-no-4-op-44-no-2-a-score.pdf
    • http://www.gorillawalker.com/shanghai-to-hong-kong.pdf
    • http://www.gorillawalker.com/the-prison-door-is-open-what-are-you-still-doing.pdf
    • http://www.gorillawalker.com/cool-careers-for-girls-health.pdf
    • http://www.gorillawalker.com/the-freeman.pdf
    • http://www.gorillawalker.com/plunkett-s-transportation-supply-chain-logistics-industry-almanac-2010-transportation.pdf
    • http://www.gorillawalker.com/minecraft-the-nether-kingdom-unofficial-minecraft-book-minecraft-books-minecraft.pdf
    • http://www.gorillawalker.com/dot-dot-dot-13.pdf
    • http://www.gorillawalker.com/social-work-treatment-interlocking-theoretical-approaches.pdf
    • http://www.gorillawalker.com/kim-kardashian-the-untold-story.pdf
    • http://www.gorillawalker.com/harrington-on-hold-em-expert-strategies-for-no-limit-tournaments.pdf
    • http://www.gorillawalker.com/design-and-launch-an-online-web-design-business-in-a.pdf
    • http://www.gorillawalker.com/iconic-voices.pdf
    • http://www.gorillawalker.com/elemental-theology.pdf
    • http://www.gorillawalker.com/animal-magic.pdf
    • http://www.gorillawalker.com/financial-aid-for-veterans-military-personnel-and-their-families-2010.pdf
    • http://www.gorillawalker.com/shanghai-tourist-map.pdf
    • http://www.gorillawalker.com/second-concerto-for-orchestra-study-score-by-steven-s
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/