Malicious PDF — malware analysis report

Static analysis result for SHA-256 961a77f73534e196…

MALICIOUS

PDF

  • Size: 46.6 KB
  • Created: 2018-11-23 21:08:44 +03:00
  • Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
  • First seen: 2019-01-12
  • MD5: c29186e96fd551f64ffa57047de5e5a2
  • SHA-1: 1d9adb15319796fe542e3c48fbc65e5d84c73979
  • SHA-256: 961a77f73534e1961f9ae152193a171c64a26b1d4cf0d81d71d17058c311fbf1
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.002 Spearphishing Attachment

The PDF contains an embedded URI pointing to a remote PDF file. The ML classifier also flagged this PDF as malicious. The document body appears to be obfuscated or corrupted, preventing a clear understanding of its intent beyond the embedded URL. The presence of an external URI suggests a social engineering attempt to trick the user into downloading further content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8883

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.