Malicious PDF — malware analysis report

Static analysis result for SHA-256 999382aff6831a59…

MALICIOUS

PDF

File size: 44.4 KB
Created: 2018-11-30 01:49:18 +03:00
Authoring application: - (via ProcessText Group)
MD5: add060494d0b21d39e3fe675c3787225
SHA-1: 61aad8f3927985e9f6c8809006b54472b1ecff7f
SHA-256: 999382aff6831a59c0d8119cf1319045fc1ec2551d6ab66fa20f342dc96a0a53
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a mass of external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The embedded URLs point to a large number of PDF files on the domain www.gorillawalker.com, suggesting a link farm or content distribution strategy. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.