Malicious PDF — malware analysis report

Static analysis result for SHA-256 a8a99acbf7c9a9d7…

MALICIOUS

PDF

Size: 34.8 KB
Created: 2020-02-08 18:30:12 +03:00
Authoring application: QuarkXPress(tm) 6.1
MD5: 083cc36424086f5f5786bd8e44bf3776
SHA-1: d20c860c0bca1e42de55fa162a4054c110570871
SHA-256: a8a99acbf7c9a9d755a76b84d9ee20ee97746db63fafd1f00df327b6b538b8af
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains a large number of embedded URLs pointing to PDF documents on the domain www.gorillawalker.com. This is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8018

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.