Malicious PDF — malware analysis report

Static analysis result for SHA-256 c25132d1f8d7c90b…

MALICIOUS

PDF

  • Size: 44.9 KB
  • Created: 2018-11-14 11:22:48 +03:00
  • Authoring application: Documill Publishor 6.3.9.1 by Documill (http://www.documill.com/) (via iText 2.1.6 by 1T3XT)
  • MD5: 5e947fa3e2b9be3798f607be36b20195
  • SHA-1: 3573572cc9705a33e765a0b16e2d0c11f4a02d37
  • SHA-256: c25132d1f8d7c90ba8019d18166e645c1f1a5393191392b5056d42a43342a5d0
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF was flagged by a critical heuristic for containing a large number of external links, suggesting a link farm or distribution mechanism. The ML classifier also indicated a high probability of maliciousness. While no scripts were extracted, the sheer volume of links to external PDFs from the domain 'gorillawalker.com' points to a coordinated effort to distribute content, potentially malicious, under the guise of legitimate-looking document titles.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.