Malicious PDF — malware analysis report

Static analysis result for SHA-256 ab8837a8971d6183…

MALICIOUS

PDF

44.7 KB Created: 2018-11-30 21:01:06 +03:00 Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: 7bd89f0208f012cb1166a308b4e66e41 SHA-1: a40e31763ef1f8ef521020f81399365ef9f2adb4 SHA-256: ab8837a8971d61839f405e72eb7b8c5b4fafffb96b0291a1972aebed913198d8
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a wide variety of content, potentially including malicious payloads. The ML classifier also flagged this document as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/the-real-estate-game-the-intelligent-guide-to-decisionmaking-and.pdf
    • http://www.gorillawalker.com/the-landmark-thucydides-a-comprehensive-guide-to-the-peloponnesian-war.pdf
    • http://www.gorillawalker.com/per-n-y-los-alemanes-spanish-edition.pdf
    • http://www.gorillawalker.com/wolves-a-falcon-field-guide-falcon-field-guide-series.pdf
    • http://www.gorillawalker.com/shadows-on-the-sea-aladdin-historical-fiction.pdf
    • http://www.gorillawalker.com/france-profiled-syb-factbook.pdf
    • http://www.gorillawalker.com/higiene-y-seguridad-aplicadas-en-los-centros-de-belleza-beauty.pdf
    • http://www.gorillawalker.com/the-fellowship-of-the-ring-bbc-full-cast-dramatization.pdf
    • http://www.gorillawalker.com/holt-science-technology-chapter-resources-cd-rom-life-science.pdf
    • http://www.gorillawalker.com/liling-po-volume-5-v-5.pdf
    • http://www.gorillawalker.com/techniques-of-chemistry-microwave-molecular-spectra-volume-18.pdf
    • http://www.gorillawalker.com/oxford-children-s-rhyming-dictionary.pdf
    • http://www.gorillawalker.com/international-business-negotiations-second-edition-international-business-and-management-international.pdf
    • http://www.gorillawalker.com/jerusalem-blue-guides.pdf
    • http://www.gorillawalker.com/dead-angels-kiera-hudson-series-two-book-2.pdf
    • http://www.gorillawalker.com/history-of-the-first-reformed-dutch-church-of-jamaica-l.pdf
    • http://www.gorillawalker.com/rapture-and-revolution-essays-on-turkish-literature.pdf
    • http://www.gorillawalker.com/la-vida-en-las-selvas-animales-gente-plantas-spanish-edition.pdf
    • http://www.gorillawalker.com/psychiatric-intensive-care.pdf
    • http://www.gorillawalker.com/las-cr-nicas-insekto-vol-vii-el-sektor-vii-las.pdf
    • http://www.gorillawalker.com/biogeochemistry-of-mid-sized-tropical-river-linthipe-malawi-effects-of.pdf
    • http://www.gorillawalker.com/benjamin-britten-complete-folksong-arrangements-61-songs.pdf
    • http://www.gorillawalker.com/wrinkles-wallace-fighters-of-foreclosure-kindle-edition.pdf
    • http://www.gorillawalker.com/satan-absolved-a-victorian-mystery-1899.pdf
    • http://www.gorillawalker.com/hong-kong-an-affordable-trip-return-airfare-from-vancouver-less.pdf
    • http://www.gorillawalker.com/child-care-design-guide.pdf
    • http://www.gorillawalker.com/colorado-wild-scenic-2012-deluxe-wall-calendar.pdf
    • http://www.gorillawalker.com/landscapes-of-emotion-mapping-three-cultures-of-emotion-in-indonesia.pdf
    • http://www.gorillawalker.com/total-freedom-the-essential-krishnamurti-kindle-edition.pdf
    • http://www.gorillawalker.com/global-woman-nannies-maids-sex-workers-in-the-new-economy.pdf
    • http://www.gorillawalker.com/proline-play-drums-today-book-dvd-pack.pdf
    • http://www.gorillawalker.com/elementary-and-intermediate-algebra-concepts-and-applications-books-a-la.pdf
    • http://www.gorillawalker.com/smoothies-ice-treats-a-guide-to-enjoying-fresh-frozen-treats.pdf
    • http://www.gorillawalker.com/enterprise-soa-service-oriented-architecture-best-practices.pdf
    • http://www.gorillawalker.com/luxe-hanoi-luxe-city-guides.pdf
    • http://www.gorillawalker.com/principles-of-research-methodology-a-guide-for-clinical-investigators.pdf
    • http://www.gorillawalker.com/the-oxytocin-opera-by-bret-hoveskeland.pdf
    • http://www.gorillawalker.com/a-table-in-tuscany-classic-recipes-from-the-heart-of.pdf
    • http://www.gorillawalker.com/oase-87-alan-colquhoun.pdf
    • http://www.gorillawalker.com/catalog-of-unabashed-gratitude-pitt-poetry-series.pdf
    • http://www.gorillawalker.com/shadows-on-the-sea
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.