Malicious PDF — malware analysis report

Static analysis result for SHA-256 951e24e6fc1a3f5d…

MALICIOUS

PDF

Size: 45.0 KB
Created: 2018-12-15 20:07:46 +03:00
Authoring application: Adobe Acrobat Pro 11.0.18 (via Adobe PDF Library 11.0)
First seen: 2019-01-12
MD5: c622e04c71b17520767bbf53dfd67a48
SHA-1: bf07ae256de514e60c4d5d15d74edfc0500ea8fc
SHA-256: 951e24e6fc1a3f5d2d941280a6d866cfb39568604801a9001076ad9cb02c40db
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains multiple external URIs pointing to PDF files hosted on www.gorillawalker.com. The ML classifier flagged this PDF as malicious with a high score. The presence of these external links suggests an attempt to trick the user into downloading further content, likely malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8389

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.