Malicious PDF — malware analysis report

Static analysis result for SHA-256 bc213a9e31a3b321…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-12-11 20:44:46 +03:00
Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: 53d8e4d904f7cb19ba3848b1493a1595
SHA-1: ef0839834842b6f70fab7a1d84d2e1614bb05ab3
SHA-256: bc213a9e31a3b321bddcdf97e79fbafe4da03620db10d505b416988449b80d99
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded external links to PDF files on the domain 'www.gorillawalker.com'. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. No scripts were extracted, limiting the ability to determine specific execution techniques.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.