Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d82a5e08d3e9c01…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-26 20:05:23 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: 2d5e0606905963c72992e97829dadb7c
SHA-1: 1afb2caed175825c61ca4e67781110d7d996f0c6
SHA-256: 9d82a5e08d3e9c0130027b4510c67d3c4e9bca39ccf50b01d2ca53fd1f7387d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to host malicious content. The ML classifier also strongly indicated maliciousness. The embedded URL 'http://www.gorillawalker.com/my-time-to-deal-with-it.pdf' is the primary IOC, suggesting a link farm or redirection strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/my-time-to-deal-with-it.pdf