Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dba46010eda3529…

Verdict: MALICIOUS
File type: PDF

Size: 32.8 KB
Created: 2019-07-13 04:50:57 +03:00
Authoring application: XPP (via Adobe Acrobat Pro DC 15.23.20053)
MD5: 109a5d2ae4dfde4ab30fae4c1042e984
SHA-1: 95e6aea51426bb2c17ef808348c5daa8ea54e4c3
SHA-256: 9dba46010eda352996ec8c4d266e0bc2154aa229277c44f6fe0905243631adee
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains 40 clickable links to external PDF files, all hosted on the same domain (www.gorillawalker.com). A small document whose links cluster on a single host in this way is characteristic of a generated link-farm PDF, a pattern used for SEO manipulation and for routing visitors into content delivery chains that may include malicious payloads. The Nyx PDF classifier also scored the file as malicious with high probability (0.8529). No scripts were extracted from this sample, so the T1059.001 (PowerShell) tag is not backed by any artifact in this static result; the evidence here is the link structure, not an observed execution chain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the channel that reached it (macro, JS, link annotation, document body, ...) is what matters. Here the 40 www.gorillawalker.com URLs are the targets of the clickable link annotations, while the trailing RDF, Dublin Core, Adobe XMP and PDF/A URIs at the end of the list are schema identifiers from the document's XMP metadata stream, not clickable links, and are present in ordinary Acrobat-produced files.
    • http://www.gorillawalker.com/the-hot-knives-vegetarian-cookbook-salad-daze.pdf
    • http://www.gorillawalker.com/overstreet-comic-book-price-guide-19-19th-edition-1989-1990.pdf
    • http://www.gorillawalker.com/adriana-lecouvreur-act-i-duetto-soprano-tenor-adriana-maurizio-trombone.pdf
    • http://www.gorillawalker.com/ib-english-a-language-literature-standard-higher-level-osc-ib.pdf
    • http://www.gorillawalker.com/your-image-talks-how-to-win-the-pitch-presentation-or.pdf
    • http://www.gorillawalker.com/mythic-monsters-dragons-volume-13.pdf
    • http://www.gorillawalker.com/hamlet-french-edition.pdf
    • http://www.gorillawalker.com/the-automotive-chassis-engineering-principles.pdf
    • http://www.gorillawalker.com/divorce-and-family-mediation-the-family-therapy-collections.pdf
    • http://www.gorillawalker.com/veterinary-drug-handbook-desk-edition.pdf
    • http://www.gorillawalker.com/the-classic-ballet-basic-technique-and-terminology.pdf
    • http://www.gorillawalker.com/fifth-child.pdf
    • http://www.gorillawalker.com/olds-maternal-newborn-nursing-women-s-health-across-the-lifespan.pdf
    • http://www.gorillawalker.com/sexual-ecstasy-the-art-of-orgasm.pdf
    • http://www.gorillawalker.com/the-hippie-house.pdf
    • http://www.gorillawalker.com/c-g-jung-psychological-reflections-a-new-anthology-of-his.pdf
    • http://www.gorillawalker.com/children-s-clothes-since-1750.pdf
    • http://www.gorillawalker.com/a-village-to-village-guide-to-hiking-the-camino-de.pdf
    • http://www.gorillawalker.com/oxford-handbook-of-clinical-skills-in-adult-nursing-oxford-handbooks.pdf
    • http://www.gorillawalker.com/reviews-on-immunoassay-technology-v-2.pdf
    • http://www.gorillawalker.com/freebsd-device-drivers-a-guide-for-the-intrepid-kindle-edition.pdf
    • http://www.gorillawalker.com/phylogenetic-relationships-of-the-earliest-anisostrophically-coiled-gastropods-2002-smithsonian.pdf
    • http://www.gorillawalker.com/jefferson-the-virginian-jefferson-and-his-time.pdf
    • http://www.gorillawalker.com/greek-tragedy-into-film.pdf
    • http://www.gorillawalker.com/two-worlds-and-promised-lands.pdf
    • http://www.gorillawalker.com/2013-2014-basic-and-clinical-science-course-section-9-intraocular.pdf
    • http://www.gorillawalker.com/pre-algebra-grades-6-8-the-100-series-tm.pdf
    • http://www.gorillawalker.com/the-king-s-return-thomas-hill.pdf
    • http://www.gorillawalker.com/beyond-the-highland-mist-to-tame-a-highland-warrior-highlanders.pdf
    • http://www.gorillawalker.com/passover-living-festivals.pdf
    • http://www.gorillawalker.com/the-essential-dave-allen.pdf
    • http://www.gorillawalker.com/daughters-of-joy-sisters-of-misery-prostitutes-in-the-american.pdf
    • http://www.gorillawalker.com/the-best-of-bbc-comedy-50s-v-2-bbc-radio.pdf
    • http://www.gorillawalker.com/student-activities-in-earth-science-for-christian-schools-teacher-s.pdf
    • http://www.gorillawalker.com/valuation-of-companies-in-emerging-markets.pdf
    • http://www.gorillawalker.com/chocolate-cake-recipes-kindle-edition.pdf
    • http://www.gorillawalker.com/the-family-of-god-creating-a-fair-community-a-peacemaking.pdf
    • http://www.gorillawalker.com/our-republican-constitution.pdf
    • http://www.gorillawalker.com/baby-s-abc-so-tall-board-books.pdf
    • http://www.gorillawalker.com/the-causes-of-epilepsy-common-and-uncommon-causes-in-adults.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
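The two heuristics above reduce to a small amount of logic: pull the targets of /URI link actions out of the file, count how many there are and how concentrated they are on one host, and keep that set separate from URLs that merely appear in the body or metadata (the XMP namespace identifiers at the end of the list). The following is an added example written for this page, not the analysis platform's own code. It works on raw PDF bytes with no third-party parser; the size, link-count and host-share thresholds, the sample PDF it builds, and the hostnames and slugs in it are assumptions for the demonstration. The sample is a constructed PDF skeleton with enough structure for the extractor, not a complete renderable file.

```python
"""Link-farm triage for a small PDF, on raw bytes (added example, not platform code)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Target of a link action: /A << /S /URI /URI (http://...) >>.  Handles backslash
# escapes inside the literal string; does not handle the hex-string form or
# annotations inside compressed object streams (inflate those first).
_URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Any http(s) URL anywhere in the file: annotations, page text, XMP metadata.
_ANY_URL = re.compile(rb"https?://[^\s<>\"'()\\]+")


def _unescape(raw):
    # PDF literal strings escape '(', ')' and '\' with a backslash.
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def extract_uri_annotations(pdf):
    """URLs reachable by clicking a link annotation: the channel that matters."""
    return [_unescape(m) for m in _URI_ACTION.findall(pdf)]


def label_urls(pdf):
    """Every URL in the file, tagged with the channel it was found in."""
    clickable = set(extract_uri_annotations(pdf))
    labels = {}
    for m in _ANY_URL.findall(pdf):
        url = m.decode("latin-1")
        labels[url] = "link annotation" if url in clickable else "body/metadata"
    return labels


def score_link_farm(pdf, max_size=64 * 1024, min_links=10, host_share=0.8):
    """Fire when a small file carries many clickable links dominated by one host.
    Thresholds are assumptions chosen for this example."""
    links = extract_uri_annotations(pdf)
    hosts = Counter((urlparse(u).hostname or "").lower() for u in links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(links) if links else 0.0
    fired = len(pdf) <= max_size and len(links) >= min_links and share >= host_share
    return {"size": len(pdf), "links": len(links), "top_host": top_host,
            "share": round(share, 3), "fired": fired}


def build_sample_pdf(n_links=12):
    """Constructed PDF skeleton for the demo: n_links link annotations, all but
    the last on one host, plus an XMP metadata stream with namespace URIs."""
    objs = []
    for i in range(n_links):
        host = "www.gorillawalker.com" if i < n_links - 1 else "cdn.example.org"
        url = "http://%s/book-%02d.pdf" % (host, i)
        objs.append("%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    "/A << /S /URI /URI (%s) >> >>\nendobj\n" % (i + 1, url))
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:xmp="http://ns.adobe.com/xap/1.0/"/></x:xmpmeta>')
    meta = n_links + 1
    objs.append("%d 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\n"
                "stream\n%s\nendstream\nendobj\n" % (meta, len(xmp), xmp))
    refs = " ".join("%d 0 R" % (i + 1) for i in range(n_links))
    objs.append("%d 0 obj\n<< /Type /Page /Annots [%s] >>\nendobj\n" % (meta + 1, refs))
    body = "%PDF-1.4\n" + "".join(objs) + "trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return body.encode("latin-1")


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(score_link_farm(sample))
    for url, channel in label_urls(sample).items():
        print("%-16s %s" % (channel, url))
```

On the sample, the link-farm check fires (12 clickable links, 11 of them on one host) while the three namespace URIs from the XMP stream are labelled body/metadata and never enter the link count, which is the distinction the EMBEDDED_URL note is making. For real files, annotations are frequently stored in FlateDecode-compressed object streams, so a production version would decompress streams before applying the same two regexes.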