Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb134969865b73ef…

Verdict: MALICIOUS
File type: PDF
Size: 40.9 KB
Created: 2018-12-15 08:03:28 +03:00
Authoring application: QuarkXPress(R) 9.0
MD5: a590013c5a03941ef680b7a386241b90
SHA-1: 2500c89886f1edd43a0c5e1dfbc274bbe3b836ec
SHA-256: cb134969865b73efaa695371565d5a05a331ce8ea589a097a3de938890e0c5e8
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious with high confidence. The embedded URLs point to various PDF documents hosted on gorillawalker.com, suggesting a link farm or content distribution strategy. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.