Malicious PDF — malware analysis report

Static analysis result for SHA-256 c57c30a57c46a342…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-11-26 20:07:14 +03:00
Authoring application: XEP 4.4 build 20050610
MD5: ca1d9c7ff36582f7cb4a34e2ae7dbe9b
SHA-1: e3484c1ad0ccdc26930cf0f04d97d417dad6b73b
SHA-256: c57c30a57c46a342c29f2e7f57cedf3d01bb320fc93c3b3e9448a0a479c031cb
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.