Malicious PDF — malware analysis report

Static analysis result for SHA-256 9ce942d740347b1b…

MALICIOUS

PDF

Size: 43.7 KB
Created: 2018-12-02 10:55:02 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 1deefbb5ef70cf3e5282ba10fd401ba1
SHA-1: 9011af1774715a34559dfddee83fc512bff15351
SHA-256: 9ce942d740347b1b55a3a2fbc48a37d5bb7fe7c5922011b6aaac5290a6da7de8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a potential SEO manipulation or content distribution scheme. The primary heuristic identified a 'PDF_SEO_LINK_FARM' with 32 external PDF links, predominantly hosted on www.gorillawalker.com. No scripts were extracted from this sample, and the document body was heavily truncated and unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.