Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d47d964c4431b1c…

Verdict: MALICIOUS

File type: PDF

Size: 46.5 KB
Created: 2018-11-23 08:05:53 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)

MD5: 3966e818d845af58a91637c81c6d4af0
SHA-1: 5e9c7e34727aaaca26669ed6f3e705509a9eb1b2
SHA-256: 9d47d964c4431b1c1bd81e21202474bf69db26908f236146f634a11cbb0a506b

Risk Score: 72

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF contains a heuristic firing for 'SE_PASSWORD_ARCHIVE_LURE', indicating it's designed to trick users into downloading a password-protected archive. The embedded URL points to a PDF file, likely intended as a lure. The ML classifier also flagged the PDF as malicious. No scripts were extracted, and the document body was unreadable, limiting further analysis of the exact payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8480

Heuristics (3)

  • Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/a-load-of-trouble-christopher-churchmouse-classics.pdf
    • http://www.gorillawalker.com/the-brave-turtleback-school-library-binding-edition.pdf
    • http://www.gorillawalker.com/black-dance.pdf
    • http://www.gorillawalker.com/the-spongebob-squarepants-experience-a-deep-dive-into-the-world.pdf
    • http://www.gorillawalker.com/airbus-a320-airliner-color-history.pdf
    • http://www.gorillawalker.com/iq-and-psychometric-test-workbook-essential-preparation-for-verbal-numerical.pdf
    • http://www.gorillawalker.com/shatner-rules-your-key-to-understanding-the-shatnerverse-and-the.pdf
    • http://www.gorillawalker.com/make-it-all-about-them-winning-sales-presentations.pdf
    • http://www.gorillawalker.com/we-have-heard-that-god-is-with-you-preaching-the.pdf
    • http://www.gorillawalker.com/girltalk-all-the-stuff-your-sister-never-told-you-third.pdf
    • http://www.gorillawalker.com/applied-writing-for-technicians-with-student-tutorial-cd.pdf
    • http://www.gorillawalker.com/photographing-children-life-library-of-photography.pdf
    • http://www.gorillawalker.com/faith-run-camino-del-sol.pdf
    • http://www.gorillawalker.com/construction-for-landscape-architecture-portfolio-skills-portfolio-skills-landscape-architecture.pdf
    • http://www.gorillawalker.com/rusty-wilson-s-alaskan-bigfoot-campfire-stories.pdf
    • http://www.gorillawalker.com/weight-loss-20-proven-smoothie-recipes-for-weight-loss-health.pdf
    • http://www.gorillawalker.com/magenta-4-drop-dead-gorgeous.pdf
    • http://www.gorillawalker.com/zapotec-renaissance-ethnic-politics-and-cultural-revivalism-in-southern-mexico.pdf
    • http://www.gorillawalker.com/field-manual-fm-3-21-12-the-infantry-weapons-company.pdf
    • http://www.gorillawalker.com/south-from-ephesus-travels-in-aegean-turkey.pdf
    • http://www.gorillawalker.com/new-york-city-neighborhoods-the-18th-century-foundations-of-archaeology.pdf
    • http://www.gorillawalker.com/alabama-life-accident-health-insurance-license-exam-manual-2nd-edition.pdf
    • http://www.gorillawalker.com/cooking-in-croatia-bosnia-425-croatian-and-bosnian-recipes.pdf
    • http://www.gorillawalker.com/gods-demigods-and-demons-a-handbook-of-greek-mythology.pdf
    • http://www.gorillawalker.com/new-melanoma-metastasis-risk-factors-are-identified-past-history-of.pdf
    • http://www.gorillawalker.com/hope-after-cancer.pdf
    • http://www.gorillawalker.com/cuando-el-abismo-separa-the-divide-spanish-edition.pdf
    • http://www.gorillawalker.com/chiltern-hills-east-os-explorer-active-map.pdf
    • http://www.gorillawalker.com/transportation-reference-data-fm-55-15.pdf
    • http://www.gorillawalker.com/healing-waters-women-s-bible-study-participant-book-a-bible.pdf
    • http://www.gorillawalker.com/durch-massailand-zur-nilquelle-d-reimer.pdf
    • http://www.gorillawalker.com/the-story-of-buddhism-a-concise-guide-to-its-history.pdf
    • http://www.gorillawalker.com/literature-review-of-the-effects-of-child-maltreatment-a-compelling.pdf
    • http://www.gorillawalker.com/fresh-market-wisconsin-recipes-resources-and-stories-celebrating-wisconsin-farm.pdf
    • http://www.gorillawalker.com/croaking-frogs-a-guide-to-sanskrit-metrics-and-figures-of.pdf
    • http://www.gorillawalker.com/waste-to-energy-technologies-and-project-implementation-kindle-edition.pdf
    • http://www.gorillawalker.com/engine-tribology-s-p-society-of-automotive-engineers.pdf
    • http://www.gorillawalker.com/joy-kogawa-essays-on-her-works-writers-series.pdf
    • http://www.gorillawalker.com/astronaut-cool-careers.pdf
    • http://www.gorillawalker.com/hunt-for-the-soul-hunt-for-the-witch-book-2.pdf
    • http://www.gorillawalker.com/iq-and-psycho
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/