Malicious PDF — malware analysis report

Static analysis result for SHA-256 cefc89ccad43e211…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-12-15 20:02:04 +03:00
Authoring application: AdobePS5.dll Version 5.0.1 (via Acrobat Distiller 4.0 for Windows)
MD5: 5d439dd2e8b594d1af119c0c7d0b6b9a
SHA-1: 4517cccee249144bea8f32b93c41f761149d4b6a
SHA-256: cefc89ccad43e211609fe393d7d9c524778b96add7d06377cfe6ab2c3fe13cee
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm, likely used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.