Malicious PDF — malware analysis report

Static analysis result for SHA-256 d10ccd00fcf9fb50…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2018-12-15 08:53:53 +03:00
Authoring application: TeX (via pdfTeX-1.40.16)
MD5: 133b525da76d79dc01e2af5667cd7c08
SHA-1: a594d6d6a7884dd018dc993a2a45874381633f11
SHA-256: d10ccd00fcf9fb507418d6b9266657b0c0e962a52ace0f060997c27a94c3f2de
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and contains a large number of embedded URLs pointing to external PDF files on the domain www.gorillawalker.com. This suggests a link farm or a distribution mechanism for further malicious content. The document body was heavily obfuscated and unreadable, preventing a more detailed analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8600

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/the-argumentative-turn-in-policy-analysis-and-planning.pdf
    • http://www.gorillawalker.com/for-the-dead-a-poke-rafferty-novel.pdf
    • http://www.gorillawalker.com/pizza-memoirs-kindle-edition.pdf
    • http://www.gorillawalker.com/marmalade-jet-and-the-finnies-gazelle-books.pdf
    • http://www.gorillawalker.com/strive-for-a-5-preparing-for-the-ap-macroeconomics-examination.pdf
    • http://www.gorillawalker.com/nuevo-manantial-de-cuentos-infantiles-spanish-edition.pdf
    • http://www.gorillawalker.com/sanfords-guide-to-peters-and-reed-the-zane-pottery-company.pdf
    • http://www.gorillawalker.com/the-diet-hater-s-diet-book-gram-counter-plus-a.pdf
    • http://www.gorillawalker.com/manuel-pratique-d-anesth-sie-french-edition.pdf
    • http://www.gorillawalker.com/wilderness-survival-for-dummies.pdf
    • http://www.gorillawalker.com/ati-custom-admin-clin-mod-blue.pdf
    • http://www.gorillawalker.com/basic-computer-application-in-the-21st-century-secondary-vocational-education.pdf
    • http://www.gorillawalker.com/adventures-in-group-theory-rubik-s-cube-merlin-s-machine.pdf
    • http://www.gorillawalker.com/panama-in-pictures-graphic-views-of-the-great-new-waterway.pdf
    • http://www.gorillawalker.com/365-bible-verses-a-year-page-a-day-calendar-2009.pdf
    • http://www.gorillawalker.com/the-savior-s-symbols-seven-affirmations-from-the-life-of.pdf
    • http://www.gorillawalker.com/mccall-s-cooking-school-recipe-card-soups-23-french-onion.pdf
    • http://www.gorillawalker.com/boston-by-locals-a-boston-travel-guide-written-by-a.pdf
    • http://www.gorillawalker.com/der-rosenkavalier-opera-op-59-act-iii-trio-hab-s.pdf
    • http://www.gorillawalker.com/introduction-to-offshore-engineering-offshore-engineering-handbook.pdf
    • http://www.gorillawalker.com/100-erotic-ebooks-a-super-collection-of-erotic-ebooks-for.pdf
    • http://www.gorillawalker.com/the-atkoi-war-volume-2-slave-girl-of-ziandakush-kindle.pdf
    • http://www.gorillawalker.com/managing-and-using-mysql-2nd-edition.pdf
    • http://www.gorillawalker.com/a-da-act-iii-duetto-pur-ti-riveggo-fuggiam-gli.pdf
    • http://www.gorillawalker.com/china-communications-transmitting-equipment-mfg-industry-profile-cic4011-download-pdf.pdf
    • http://www.gorillawalker.com/lutherans-and-the-longest-war-adrift-on-a-sea-of.pdf
    • http://www.gorillawalker.com/mindful-coaching-how-mindfulness-can-transform-coaching-practice.pdf
    • http://www.gorillawalker.com/cuentos-de-soldados-tales-of-soldiers-spanish-edition.pdf
    • http://www.gorillawalker.com/a-history-of-japan-1334-1615.pdf
    • http://www.gorillawalker.com/the-companion-bible-the-book-of-song-of-solomon-kindle.pdf
    • http://www.gorillawalker.com/holt-mcdougal-larson-geometry-student-edition-one-stop-cd-set.pdf
    • http://www.gorillawalker.com/level-3-diploma-in-plumbing-studies-candidate-handbook-electrical-installations.pdf
    • http://www.gorillawalker.com/memory-power-up-101-ways-to-instant-recall.pdf
    • http://www.gorillawalker.com/travels-in-greece-and-france-and-the-durrell-school-of.pdf
    • http://www.gorillawalker.com/behavioral-assessment-in-schools-second-edition-theory-research-and-clinical.pdf
    • http://www.gorillawalker.com/jesus-calling-devotional-journal.pdf
    • http://www.gorillawalker.com/metallocenes-an-introduction-to-sandwich-complexes.pdf
    • http://www.gorillawalker.com/paseos-con-robert-walser-walking-with-robert-walser-libros-del.pdf
    • http://www.gorillawalker.com/south-western-federal-taxation-internal-revenue-code-of-1986-and.pdf
    • http://www.gorillawalker.com/symphony-no-1-op-13-full-score-a5182.pdf
    • http://www.gorillawalker.com/strive-for-a-5-preparing-for-the-ap-macroeconomics-examination.p
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_000_off00000209.bin
SHA-256: 205e31f3faec462485a985089f4b8214705e34adda0846cd0b3a89af94ad2fec
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x209
Size: 14498 bytes