Malicious PDF — malware analysis report

Static analysis result for SHA-256 b69e4923fe9edb7c…

MALICIOUS

PDF

Size: 44.6 KB | Created: 2018-12-15 08:53:45 +03:00 | Authoring application: - (via Python PDF Library - http://pybrary.net/pyPdf/)
MD5: f9729c7c9a5a3cbc47cbec2f7d1f8085
SHA-1: 963e3f7779fdb4db27075dd2ebfc8cdaaf7c81eb
SHA-256: b69e4923fe9edb7c223748e1526af87768ccf15f31e52afd7dcac46ee4922190
Risk score: 72

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains embedded URLs, one of which is http://www.gorillawalker.com/more-word-histories-and-mysteries-from-aardvark-to-zombie.pdf. The heuristic SE_PASSWORD_ARCHIVE_LURE indicates that the document likely instructs the user to open a password-protected archive, a common tactic used to keep the payload encrypted until after gateway scanning. The machine-learning classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (3)

  • Password-protected archive handoff (high) SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment, a tactic often used to keep payloads encrypted until after gateway scanning
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/more-word-histories-and-mysteries-from-aardvark-to-zombie.pdf