Malicious PDF — malware analysis report

Static analysis result for SHA-256 c605072b0228d0c7…

MALICIOUS

PDF

Size: 33.6 KB
Created: 2019-12-14 01:47:19 +03:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 10.1.2 (Windows))
MD5: 7577852abfc06eb8fc02939f4f3afcf8
SHA-1: 0e2344655b6c473000c267b4736036e15a7dc98f
SHA-256: c605072b0228d0c7ebf71da2db4bb4f451d77c88cd4d1de190d0d2a24de952fe
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted from this sample, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.