Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f1db1e501b22597…

MALICIOUS

PDF

34.3 KB Created: 2019-11-10 05:17:19 +03:00 Authoring application: Adobe InDesign CC 2015 (Macintosh) (via Adobe PDF Library 15.0)
MD5: 584b98cb8c2fcda7bea4db81f95338db SHA-1: aa018a176f8d80aad4fb92cd3674183b44ea2385 SHA-256: 9f1db1e501b2259794010c9d59306b2235005f07c4e7cba9ac1b05d80d8b247e
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a potential link farm or distribution mechanism. The primary heuristic indicates a mass external PDF link farm, with the first URL being http://www.gorillawalker.com/anesthesia-and-the-fetus.pdf. No scripts were extracted from this sample, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/anesthesia-and-the-fetus.pdf
    • http://www.gorillawalker.com/oman-and-overseas-studies-on-ibadism-and-oman.pdf
    • http://www.gorillawalker.com/zombie-moose-of-west-bath-maine.pdf
    • http://www.gorillawalker.com/well-logging-data-acquisition-and-applications.pdf
    • http://www.gorillawalker.com/the-corporate-consensus-a-guide-to-the-institutions-of-global.pdf
    • http://www.gorillawalker.com/contemporary-periodontal-surgery-an-illustrated-guide-to-the-art-behind.pdf
    • http://www.gorillawalker.com/inside-the-hits-the-seduction-of-a-rock-and-roll.pdf
    • http://www.gorillawalker.com/facets-of-the-renaissance.pdf
    • http://www.gorillawalker.com/the-meaning-of-meaning.pdf
    • http://www.gorillawalker.com/a-therapeutic-regimen-for-patients-with-cystic-fibrosis.pdf
    • http://www.gorillawalker.com/gateway-to-science-audio-cds-4.pdf
    • http://www.gorillawalker.com/lean-from-the-trenches-managing-large-scale-projects-with-kanban.pdf
    • http://www.gorillawalker.com/germany-s-black-holocaust-1890-1945-the-untold-truth.pdf
    • http://www.gorillawalker.com/multiaxial-fatigue-a-symposium-astm-special-technical-publication-stp.pdf
    • http://www.gorillawalker.com/cambridge-academic-english-c1-advanced-teacher-s-book-an-integrated.pdf
    • http://www.gorillawalker.com/the-rough-guide-to-american-independent-film-rough-guide-reference.pdf
    • http://www.gorillawalker.com/modern-wiring-practice-twelfth-edition.pdf
    • http://www.gorillawalker.com/resurrection-eschatology-theology-in-service-of-the-church-essays-in.pdf
    • http://www.gorillawalker.com/motherhood-silenced-the-experiences-of-natural-mothers-on-adoption-reunion.pdf
    • http://www.gorillawalker.com/belle-cora.pdf
    • http://www.gorillawalker.com/the-long-divergence-how-islamic-law-held-back-the-middle.pdf
    • http://www.gorillawalker.com/yves-behar-fuseproject-design-series-2-sfmoma-design-series.pdf
    • http://www.gorillawalker.com/historic-properties-of-york-county-south-carolina.pdf
    • http://www.gorillawalker.com/john-muir-way-a-scottish-coast-to-coast-route.pdf
    • http://www.gorillawalker.com/ships-make-it-work-science.pdf
    • http://www.gorillawalker.com/human-resource-management-in-the-nonprofit-sector-passion-purpose-and.pdf
    • http://www.gorillawalker.com/super-cookery-wok-oriental.pdf
    • http://www.gorillawalker.com/steamy-erotic-poetry.pdf
    • http://www.gorillawalker.com/the-human-side-of-outsourcing-psychological-theory-and-management-practice.pdf
    • http://www.gorillawalker.com/effectiveness-of-renal-denervation-to-lower-blood-pressure-questioned-doctors.pdf
    • http://www.gorillawalker.com/harvest-moon-animal-parade-official-strategy-guide.pdf
    • http://www.gorillawalker.com/tall-ships-calendar-2010.pdf
    • http://www.gorillawalker.com/corrosion-and-degradation-of-metallic-materials-understanding-of-phenomena-and.pdf
    • http://www.gorillawalker.com/wow-worship-purple-songbook-30-powerful-worship-songs-from-today.pdf
    • http://www.gorillawalker.com/frank-sinatra-more-of-his-best-original-keys-for-singers.pdf
    • http://www.gorillawalker.com/psoriasis-talk-with-your-disease-doctors-books-chinese-edition.pdf
    • http://www.gorillawalker.com/the-kingdom-of-love-and-the-pride-of-life-edward.pdf
    • http://www.gorillawalker.com/tricks-and-tips-for-experienced-players.pdf
    • http://www.gorillawalker.com/the-pathology-of-trauma-3ed-hodder-arnold-publication.pdf
    • http://www.gorillawalker.com/embrace-tiger-return-to-mountain-the-essence-of-tai-chi.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.