Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9d8f23a411e6976…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2018-12-28 08:09:10 +03:00
Authoring application: - (via Acrobat Distiller 5.0.1 for Macintosh)
MD5: b5eb28b57b9c74907ef5f35df67791c2
SHA-1: a32ddceaaa1d506a745b2d4f6bb588b27d52c28f
SHA-256: d9d8f23a411e6976d81e6d6ada1543c97804b65323f75770e6660acd10290c44
Risk Score: 72

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The ML classifier and the presence of embedded URLs strongly indicate malicious intent. The heuristic SE_LOLBIN_RUN_COMMAND suggests that the document may contain instructions to execute commands, likely to download and display the linked content. The document body itself is heavily obfuscated, preventing a deeper analysis of its specific payload or delivery mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (3)

  • Visible LOLBin command execution instruction high SE_LOLBIN_RUN_COMMAND
    Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/evidence-based-dentistry-for-the-dental-hygienist.pdf
    • http://www.gorillawalker.com/what-season-is-it-rosen-common-core-readers.pdf
    • http://www.gorillawalker.com/new-zealand-95-the-complete-guide-with-the-best-outdoor.pdf
    • http://www.gorillawalker.com/safety-and-health-for-engineers-industrial-health-safety.pdf
    • http://www.gorillawalker.com/glyphs-moab-writers-poets-project-regional-anthology.pdf
    • http://www.gorillawalker.com/sudden-selector-s-guide-to-communication-studies-resources-alcts-cmds.pdf
    • http://www.gorillawalker.com/rejoicing-all-the-bible-teaches-about-kindle-edition.pdf
    • http://www.gorillawalker.com/auxiliary-verbs-in-english-primary-verbs-english-in-pictures-by.pdf
    • http://www.gorillawalker.com/monogatari-bundan-jinkokki-japanese-edition.pdf
    • http://www.gorillawalker.com/trillion-dollar-300-large-print-word-search-puzzles-book-2.pdf
    • http://www.gorillawalker.com/holt-geometry-student-edition-cd-rom-set-of-25-2004.pdf
    • http://www.gorillawalker.com/criticism-and-the-growth-of-knowledge-proceedings-of-the-colloquium.pdf
    • http://www.gorillawalker.com/townsend-harris-first-american-envoy-in-japan-primary-source-edition.pdf
    • http://www.gorillawalker.com/7-myths-about-women-and-work.pdf
    • http://www.gorillawalker.com/studia-patristica-vol-xxxv-ascetica-gnostica-liturgica-orientalia.pdf
    • http://www.gorillawalker.com/operation-passage-to-freedom-the-united-states-navy-in-vietnam.pdf
    • http://www.gorillawalker.com/russia-joint-venture-construction-plans-for-proposed-330-000-metric.pdf
    • http://www.gorillawalker.com/sounds-of-terror-quickreads-quickreads-series-3.pdf
    • http://www.gorillawalker.com/boy-blue-and-his-friends.pdf
    • http://www.gorillawalker.com/the-wilde-century-oscar-wilde-effeminacy-and-the-queer-moment.pdf
    • http://www.gorillawalker.com/professional-cd-rom-series-five-disk-set.pdf
    • http://www.gorillawalker.com/history-of-knowledge-past-present-and-future.pdf
    • http://www.gorillawalker.com/crossing-the-colorado-rockies-1864-american-sisters.pdf
    • http://www.gorillawalker.com/40-day-journey-to-purity-guys.pdf
    • http://www.gorillawalker.com/patient-sedation-without-medication-rapid-rapport-and-quick-hypnotic-techniques.pdf
    • http://www.gorillawalker.com/the-conception-of-god-a-philosophical-discussion-concerning-the-nature.pdf
    • http://www.gorillawalker.com/a-sense-of-order-and-other-stories.pdf
    • http://www.gorillawalker.com/joe-sacco-the-library-of-graphic-novelists.pdf
    • http://www.gorillawalker.com/bible-easter-puzzles.pdf
    • http://www.gorillawalker.com/popular-science-august-2009.pdf
    • http://www.gorillawalker.com/drums-in-the-hills.pdf
    • http://www.gorillawalker.com/water-and-dreams-an-essay-on-the-imagination-of-matter.pdf
    • http://www.gorillawalker.com/john-the-valiant-hesperus-classics-hungarian-edition.pdf
    • http://www.gorillawalker.com/first-little-readers-parent-pack-guided-reading-level-b-25.pdf
    • http://www.gorillawalker.com/norwich-s-maps-of-africa-an-illustrated-and-annotated-carto.pdf
    • http://www.gorillawalker.com/legends-idunna-s-enchanted-apples-part-1-of-3-premium.pdf
    • http://www.gorillawalker.com/anointed-life.pdf
    • http://www.gorillawalker.com/4-wheel-freedom-the-art-of-off-road-driving.pdf
    • http://www.gorillawalker.com/learning-legal-research-a-how-to-manual.pdf
    • http://www.gorillawalker.com/the-stammering-handbook-a-definitive-guide-to-coping-with-a.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/