Malicious PDF — malware analysis report

Static analysis result for SHA-256 d0419f304caaf070…

MALICIOUS

PDF

46.0 KB Created: 2018-11-14 08:40:59 +03:00 Authoring application: Writer (via OpenOffice.org 2.4)
MD5: 1ca8cfba1d5c8b8333bf35a415040c2e SHA-1: 3bd0e0ff48a70d9c4f99bca37f337c377a441403 SHA-256: d0419f304caaf07043fae0e54e1d2302b7bc3be44275118278df671d2ed55cb5
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a significant number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm, potentially used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/overcoming-confusion-combatting-spiritual-strongholds-series.pdf
    • http://www.gorillawalker.com/southern-germany-and-austria-including-hungary-dalmatia-and-bosnia-handbook.pdf
    • http://www.gorillawalker.com/critical-issues-in-child-sexual-abuse-historical-legal-and-psychological.pdf
    • http://www.gorillawalker.com/concrete-under-severe-conditions-v1-environment-and-loading.pdf
    • http://www.gorillawalker.com/true-meditation-discover-the-freedom-of-pure-awareness.pdf
    • http://www.gorillawalker.com/this-is-npr-the-first-forty-years.pdf
    • http://www.gorillawalker.com/awakening-montana-wolves-book-2-montana-wolves-series.pdf
    • http://www.gorillawalker.com/the-bloodstained-throne-struggles-for-power-in-nepal-1775-1914.pdf
    • http://www.gorillawalker.com/siberian-forest-cats-as-pets-siberian-cats-and-kittens-complete.pdf
    • http://www.gorillawalker.com/passive-macromodeling-wiley-series-in-microwave-and-optical-engineering.pdf
    • http://www.gorillawalker.com/the-rough-guide-to-turkey-6-rough-guide-travel-guides.pdf
    • http://www.gorillawalker.com/journal-of-general-virology-volume-76-pp-1541-2413-july.pdf
    • http://www.gorillawalker.com/guilty-parties-crime-writers-association-anthology.pdf
    • http://www.gorillawalker.com/plowed-and-planted-by-the-futa-pirate-kindle-edition.pdf
    • http://www.gorillawalker.com/information-systems-concepts-for-management.pdf
    • http://www.gorillawalker.com/contemporary-s-real-numbers-developing-thinking-skills-in-math-estimation.pdf
    • http://www.gorillawalker.com/history-of-the-french-frigate-1650-1850-collection-archeologie-navale.pdf
    • http://www.gorillawalker.com/elementary-and-intermediate-algebra-special-edition-series-for-university-of.pdf
    • http://www.gorillawalker.com/on-the-condition-of-labor-and-the-social-question-one.pdf
    • http://www.gorillawalker.com/personal-mythology-using-ritual-dreams-and-imagination-to-discover-your.pdf
    • http://www.gorillawalker.com/the-sultan-s-harem-the-battered-lamp-32-genie-harem.pdf
    • http://www.gorillawalker.com/he-wins-she-wins-workbook-practicing-the-art-of-marital.pdf
    • http://www.gorillawalker.com/before-there-was-mozart-the-story-of-joseph-boulogne-chevalier.pdf
    • http://www.gorillawalker.com/shadowrun-seattle-box-set.pdf
    • http://www.gorillawalker.com/in-principle-in-practice-museums-as-learning-institutions-learning-innovations.pdf
    • http://www.gorillawalker.com/handel-with-disk-midi-piano-library.pdf
    • http://www.gorillawalker.com/psilocybin-mushroom-legal-defenses.pdf
    • http://www.gorillawalker.com/joseph-of-nazareth.pdf
    • http://www.gorillawalker.com/why-marriage-matters-reasons-to-believe-in-marriage-in-postmodern.pdf
    • http://www.gorillawalker.com/vax-vms-internals-and-data-structures-version-5-2.pdf
    • http://www.gorillawalker.com/logia-the-third-sacrament-holy-trinity-2011-kindle-edition.pdf
    • http://www.gorillawalker.com/seven-sunsets.pdf
    • http://www.gorillawalker.com/employee-lifestyle-and-off-duty-conduct.pdf
    • http://www.gorillawalker.com/institutional-change-and-political-continuity-in-post-soviet-central-asia.pdf
    • http://www.gorillawalker.com/complete-dictionary-and-thesaurus.pdf
    • http://www.gorillawalker.com/pediatrics-pretest-self-assessment-and-review-thirteenth-edition.pdf
    • http://www.gorillawalker.com/demographic-vistas-television-in-american-culture.pdf
    • http://www.gorillawalker.com/mineralogical-record-new-mexico-special-issue-magazine-january-february-1989.pdf
    • http://www.gorillawalker.com/mortis-vampire-series-omnibus-one-kindle-edition.pdf
    • http://www.gorillawalker.com/standard-catalog-of-world-coins-1801-1900-standard-catalog-of.pdf
    • http://www.gorillawalker.com/concrete-under-severe-conditions-v1-environment-and-loading
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.