Malicious PDF — malware analysis report

Static analysis result for SHA-256 cbf3904f12c3597d…

MALICIOUS

PDF

File size: 45.6 KB
Created: 2019-04-07 18:03:47 +03:00
Authoring application: Adobe InDesign CC 2015 (Windows) (via Adobe PDF Library 15.0)
MD5: c4a917d320b9b62f1da10aadc63ee675
SHA-1: 0e8bc75d1ddb0262946ed38364463a439d9f06a1
SHA-256: cbf3904f12c3597d1e83e9a5ac51fd3d5d950145e23564a539650b58f7b5ab75
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded URLs pointing to various documents on www.gorillawalker.com. This is indicative of a link farm, often used for SEO manipulation or to distribute malicious payloads. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.