Malicious PDF — malware analysis report

Static analysis result for SHA-256 acdfe64e15e28d2a…

Verdict: MALICIOUS

File type: PDF

Size: 40.8 KB
Created: 2018-12-02 10:55:49 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: a2417d87657704e75d51ae4b7dce6e49
SHA-1: f520ed9c8b7822186e35deaebfa985822626932a
SHA-256: acdfe64e15e28d2aa935e1f0d5bcf4f48f87caa287de1580942b38c127c83a8a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the immediate intent beyond the URL distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (severity: critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (severity: info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted:
    • http://www.gorillawalker.com/proving-and-pricing-construction-claims-2008-cumulative-supplement-construction-law.pdf
    • http://www.gorillawalker.com/my-diary-from-the-edge-of-the-world.pdf
    • http://www.gorillawalker.com/body-shop-massage.pdf
    • http://www.gorillawalker.com/ancient-light-our-changing-view-of-the-universe.pdf
    • http://www.gorillawalker.com/letters-written-between-the-years-1784-and-1807-cambridge-library.pdf
    • http://www.gorillawalker.com/monsters-are-afraid-of-the-moon.pdf
    • http://www.gorillawalker.com/the-edge-of-the-sword.pdf
    • http://www.gorillawalker.com/creation-evolution-chart.pdf
    • http://www.gorillawalker.com/i-await-his-coming-every-day.pdf
    • http://www.gorillawalker.com/ultrasound-physics-and-technology-how-why-and-when-1e.pdf
    • http://www.gorillawalker.com/i-started-crying-monday.pdf
    • http://www.gorillawalker.com/angels-companions-in-magick.pdf
    • http://www.gorillawalker.com/western-civilization-a-critical-guide-to-documentary-films.pdf
    • http://www.gorillawalker.com/the-adventure-of-the-red-circle-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/russkaia-lirika-malenkaia-antologiia-ot-lomonosova-do-pasternaka-russian-edition.pdf
    • http://www.gorillawalker.com/means-ada-compliance-pricing-guide-2nd-edition-cost-estimates-for.pdf
    • http://www.gorillawalker.com/atlas-climatologique-de-madagascar-madagascar-service-meteopologique-publications.pdf
    • http://www.gorillawalker.com/on-liturgical-asceticism.pdf
    • http://www.gorillawalker.com/the-divine-in-acts-and-in-ancient-historiography.pdf
    • http://www.gorillawalker.com/commodity-trading-systems-and-methods.pdf
    • http://www.gorillawalker.com/why-believe-god-exists-rethinking-the-case-for-god-and.pdf
    • http://www.gorillawalker.com/m-xima-seguridad-spanish-edition.pdf
    • http://www.gorillawalker.com/winston-churchill-man-of-the-century.pdf
    • http://www.gorillawalker.com/ale-edi-idoc-technologies-for-sap-2nd-edition-prima-tech.pdf
    • http://www.gorillawalker.com/wjec-eduqas-gcse-english-literature-set-text-teacher-guide-macbeth.pdf
    • http://www.gorillawalker.com/the-time-of-our-lives.pdf
    • http://www.gorillawalker.com/microwaving-light-meals-snacks-microwave-cooking-library.pdf
    • http://www.gorillawalker.com/ieee-guide-for-operation-and-maintenance-of-turbine-generators-ieee.pdf
    • http://www.gorillawalker.com/strategies-tactics-for-the-mbe-volume-2.pdf
    • http://www.gorillawalker.com/entrepreneurship-and-innovation-in-automobile-insurance-samuel-p-black-jr.pdf
    • http://www.gorillawalker.com/the-art-of-airbrushing-a-simple-guide-to-mastering-the.pdf
    • http://www.gorillawalker.com/climbing-higher.pdf
    • http://www.gorillawalker.com/reactions-of-solids-with-gases-comprehensive-chemical-kinetics.pdf
    • http://www.gorillawalker.com/seventeen-modern-german-poets-clarendon-german.pdf
    • http://www.gorillawalker.com/they-ll-cut-off-your-project-a-mingo-county-chronicle.pdf
    • http://www.gorillawalker.com/the-planets-op-32-chorus-score-qty-10-a8208.pdf
    • http://www.gorillawalker.com/p1-management-accounting-cima-practice-exam-kit.pdf
    • http://www.gorillawalker.com/quantum-mechanics-volume-ii.pdf
    • http://www.gorillawalker.com/the-plant-hunters-tales-of-the-botanist-explorers-who-enriched.pdf
    • http://www.gorillawalker.com/betrayal-the-story-of-alrich-ames-an-american-spy.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/