Malicious PDF — malware analysis report

Static analysis result for SHA-256 cae72a9ce34bd659…

MALICIOUS

PDF

  • Size: 43.8 KB
  • Created: 2019-04-06 10:13:15 +03:00
  • Authoring application: QuarkXPress™ 4.11: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
  • MD5: b85a5b66c343930b19e0e5afdeed0d46
  • SHA-1: 3da8641471da3cdad8def6b27180563483348196
  • SHA-256: cae72a9ce34bd659d8bb17f31e269cd047bc0f877c57842c9adf392a3c6e6617
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links to external PDF documents, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample, limiting the ability to determine specific payload delivery mechanisms.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/awesome-things-to-draw-with-over-80-drawings-to-master.pdf
    • http://www.gorillawalker.com/college-botany-including-organography-vegetable-histology-vegetable-physiology-and-vegetable.pdf
    • http://www.gorillawalker.com/der-arbeiterschutz-seine-theorie-und-politik.pdf
    • http://www.gorillawalker.com/aopa-pilot-ga-serves-america-helicopter-police-patrol-b-24.pdf
    • http://www.gorillawalker.com/american-government-power-and-purpose-full-eleventh-edition-2010-election.pdf
    • http://www.gorillawalker.com/how-to-take-a-japanese-bath-paperback.pdf
    • http://www.gorillawalker.com/reef-fish-identification-florida-caribbean-bahamas.pdf
    • http://www.gorillawalker.com/the-escape-of-oney-judge-martha-washington-s-slave-finds.pdf
    • http://www.gorillawalker.com/an-introduction-to-the-history-of-the-law-of-real.pdf
    • http://www.gorillawalker.com/commentary-on-the-song-of-awakening.pdf
    • http://www.gorillawalker.com/smoothies.pdf
    • http://www.gorillawalker.com/direct-work-with-vulnerable-children-playful-activities-and-strategies-for.pdf
    • http://www.gorillawalker.com/the-official-presto-pressure-cooker-cookbook.pdf
    • http://www.gorillawalker.com/maternity-and-women-s-health-care.pdf
    • http://www.gorillawalker.com/walking-dead-30-1st-printing-nm-kirkman-walking-dead.pdf
    • http://www.gorillawalker.com/the-story-of-the-cleveland-cavaliers-the-nba-a-history.pdf
    • http://www.gorillawalker.com/cottage-style-decorating.pdf
    • http://www.gorillawalker.com/the-last-con.pdf
    • http://www.gorillawalker.com/integrated-circuit-quality-and-reliability-electrical-engineering-and-electronics-series.pdf
    • http://www.gorillawalker.com/american-history-through-the-eyes-of-modern-chaos-theory.pdf
    • http://www.gorillawalker.com/nights-on-the-train-kindle-edition.pdf
    • http://www.gorillawalker.com/the-best-ever-book-of-newcastle-united-jokes-lots-and.pdf
    • http://www.gorillawalker.com/genetic-knowledge-of-human-values.pdf
    • http://www.gorillawalker.com/florida-roadkill-a-novel-serge-storms-series-book-1-kindle.pdf
    • http://www.gorillawalker.com/irritable-bowel-syndrome-psychosocial-assessment-and-treatment.pdf
    • http://www.gorillawalker.com/the-trail-of-the-hare-library-of-anthropology.pdf
    • http://www.gorillawalker.com/pain-passion-and-faith-revisiting-the-place-of-charles-wesley.pdf
    • http://www.gorillawalker.com/rifles-six-years-with-wellington-s-legendary-sharpshooters.pdf
    • http://www.gorillawalker.com/scrabble-strategy-the-secrets-of-a-scrabble-junkie.pdf
    • http://www.gorillawalker.com/treating-schizophrenic-patients.pdf
    • http://www.gorillawalker.com/my-word-is-my-bond-voices-from-inside-the-chicago.pdf
    • http://www.gorillawalker.com/2015-van-gogh-wall-calendar.pdf
    • http://www.gorillawalker.com/wod-midnight-roads-world-of-darkness.pdf
    • http://www.gorillawalker.com/athletic-development-of-the-dressage-horse-manege-patterns-for-classical.pdf
    • http://www.gorillawalker.com/path-to-nigerian-freedom.pdf
    • http://www.gorillawalker.com/scott-catalogue-volume-2-countries-c-f-standard-postage-stamp.pdf
    • http://www.gorillawalker.com/being-presidential-eleven-plays-about-nineteen-presidencies.pdf
    • http://www.gorillawalker.com/matador-q.pdf
    • http://www.gorillawalker.com/barber-of-seville-rossini-easy-piano-sheet-music-kindle-edition.pdf
    • http://www.gorillawalker.com/high-tech-tennis.pdf
    • http://www.gorillawalker.com/american-gov
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/