Malicious PDF — malware analysis report

Static analysis result for SHA-256 ae6827a09b587beb…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2018-12-28 08:09:02 +03:00
Authoring application: Acrobat PDFMaker 5.0 for Word (via Acrobat Distiller 5.0.5 (Windows))
MD5: 7154050560165280551ac5782640eacb
SHA-1: 3ed756b9f16fb09771e0a0fcdddce3ac818ceb02
SHA-256: ae6827a09b587bebebdee2ed104e77e45b000c08d1811f523e874e2779761e5c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links to PDF files hosted on gorillawalker.com. This suggests a link farm or distribution mechanism. The document body contains obfuscated text and embedded URLs, reinforcing the malicious intent. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.