Malicious PDF — malware analysis report

Static analysis result for SHA-256 d4b03a22f457024b…

MALICIOUS

PDF

  • Size: 41.5 KB
  • Created: 2018-12-14 20:12:47 +03:00
  • Authoring application: Microsoft Word: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
  • MD5: 3a31eaaf2fb4b23216390887b45532fa
  • SHA-1: 85df1ac3badfb16d08d84091483aaf7cfe51bd0c
  • SHA-256: d4b03a22f457024b75c92bdf995303e69ac4f86a5ce4f527b3dd3780a5541b7f
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This heuristic, PDF_SEO_LINK_FARM, indicates a likely attempt to manipulate search engine results or serve as a distribution point for further malicious content. No scripts were extracted from this sample, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.