Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebb4961a013b6ad1…

Verdict: MALICIOUS
File type: PDF
Size: 41.9 KB
Created: 2018-11-23 08:00:42 +03:00
Authoring application: - (via ABBYY FineReader 9.0 Sprint)
MD5: 2f41fe05f40ca0c9bd9b3e85c425fd66
SHA-1: ee40206b45040f71a043bdf830ed7eb82c9c9813
SHA-256: ebb4961a013b6ad1a8e9d28df3fbde333046b7592b99b313850cdaf42037930c
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell (assigned by the analyzer; no script content was extracted from this sample, so the static findings below do not corroborate a PowerShell stage)

The PDF file was flagged by a critical heuristic (PDF_SEO_LINK_FARM) for containing a mass external PDF link farm, with 32 links identified. The ML classifier also strongly indicated maliciousness (Nyx PDF Classifier score 0.9181). The embedded links all point to PDF documents hosted on a single host, gorillawalker.com, which suggests an SEO-spam or content-distribution campaign that uses the document as a link carrier rather than a legitimate citation pattern. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/justin-s-annual-the-official-justin-fletcher-annual-2013.pdf
    • http://www.gorillawalker.com/the-light-revolution-health-architecture-and-the-sun.pdf
    • http://www.gorillawalker.com/dungeon-fire-and-sword-the-knights-templar-in-the-crusades.pdf
    • http://www.gorillawalker.com/strange-bedpersons-hqn-romance.pdf
    • http://www.gorillawalker.com/real-hope-for-the-unemployed-17-leading-industry-experts-offer.pdf
    • http://www.gorillawalker.com/suzuki-cello-school-cello-part-vol-6.pdf
    • http://www.gorillawalker.com/the-professoriate-profile-of-a-profession-higher-education-dynamics.pdf
    • http://www.gorillawalker.com/eternal-father-organ-with-bells-acc-sheet-music-satb.pdf
    • http://www.gorillawalker.com/michelin-hungary-hongrie-map-2003.pdf
    • http://www.gorillawalker.com/the-topsy-turvy-kingdom-more-stories-for-your-faith-journey.pdf
    • http://www.gorillawalker.com/berkeley-physics-course-electricity-and-magnetism-v-2.pdf
    • http://www.gorillawalker.com/careers-in-database-design-careers-in-computer-technology.pdf
    • http://www.gorillawalker.com/basketball-basics-quickstudy-sports.pdf
    • http://www.gorillawalker.com/pulling-down-strongholds-learning-how-to-wage-war-against-spiritual.pdf
    • http://www.gorillawalker.com/world-enough-and-time-new-world-trilogy-book-1.pdf
    • http://www.gorillawalker.com/cows-and-their-calves-animal-offspring.pdf
    • http://www.gorillawalker.com/ten-fun-things-to-do-in-boston.pdf
    • http://www.gorillawalker.com/berceuse-from-the-dolly-suite-handbell-sheet-music-handbell-3.pdf
    • http://www.gorillawalker.com/more-unforgettable-legal-stories-unknown-binding.pdf
    • http://www.gorillawalker.com/the-young-communicant.pdf
    • http://www.gorillawalker.com/cria-jungle-heat-book-1.pdf
    • http://www.gorillawalker.com/meet-j-k-rowling-tony-stead-nonfiction-independent-reading-collections.pdf
    • http://www.gorillawalker.com/volleyball-getting-the-edge-conditioning-injuries-and-legal-illicit-drugs.pdf
    • http://www.gorillawalker.com/h-m-s-pinafore-act-i-ballad-sorry-her-lot.pdf
    • http://www.gorillawalker.com/curso-de-tarot-adivinaci.pdf
    • http://www.gorillawalker.com/geistliches-blumeng-rtlein-gro-druck-german-edition.pdf
    • http://www.gorillawalker.com/panic-rules-everything-you-need-to-know-about-the-global.pdf
    • http://www.gorillawalker.com/special-care-in-dentistry-handbook-of-oral-healthcare-1e.pdf
    • http://www.gorillawalker.com/remembering-his-mate-not-so-lone-wolf-4-siren-publishing.pdf
    • http://www.gorillawalker.com/optische-nachrichtentechnik-physikalische-grundlagen-entwicklung-moderne-elemente-und-systeme-german.pdf
    • http://www.gorillawalker.com/supernatural-the-official-companion-season-1.pdf
    • http://www.gorillawalker.com/dvd-video-guide-2004-video-and-dvd-guide.pdf
    • http://www.gorillawalker.com/the-strategy-process-concepts-context-cases-4th-edition.pdf
    • http://www.gorillawalker.com/daughters-of-the-valley-wildflowers-book-3-kindle-edition.pdf
    • http://www.gorillawalker.com/the-story-of-everything-from-the-big-bang-until-now.pdf
    • http://www.gorillawalker.com/working-the-sea-misadventures-ghost-stories-and-life-lessons-from.pdf
    • http://www.gorillawalker.com/diccionario-general-de-la-lengua-espanola-ilustr-spes-spanish-edition.pdf
    • http://www.gorillawalker.com/broken-bones-head-to-toe-health.pdf
    • http://www.gorillawalker.com/never-turn-back-the-life-of-whitewater-pioneers.pdf
    • http://www.gorillawalker.com/the-wallaby-endangered-and-threatened-animals.pdf
    • http://www.gorillawalker.com/eternal-father-organ-with-bells-acc
    The remaining URIs are standard RDF, Dublin Core, Adobe XMP and PDF/A namespace identifiers from the document's XMP metadata stream, not link annotations; they are expected in PDF/A-style output and carry no detection weight:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
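As an added example (not part of this report and not the analyzer's own code), the Python below re-implements the PDF_SEO_LINK_FARM idea against a constructed sample PDF: it pulls URIs out of /Link annotation /URI actions separately from the xmlns declarations in the XMP stream, so the metadata namespaces never count toward the score, and then flags a small file whose .pdf links cluster on one host. The thresholds (200 KB, 10 links, 80% of links on one host), the two regexes, the sample URLs and the minimal PDF builder are all assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample data (not the analyzed file): one set of URLs that looks
# like a link farm and one that looks like ordinary citations.
FARM_URLS = [f"http://www.gorillawalker.com/book-{i}.pdf" for i in range(12)]
BENIGN_URLS = ["https://example.org/paper.pdf", "https://example.net/notes.pdf",
               "https://example.com/index.html"]

URI_ACTION = re.compile(rb"/URI\s*\((?P<uri>[^)]*)\)")   # /A << /S /URI /URI (...) >>
XMLNS_DECL = re.compile(rb'xmlns:\w+="(?P<uri>[^"]+)"')  # namespace decls in XMP


def build_sample_pdf(urls):
    """Assemble an uncompressed PDF with one /Link annotation per URL and an
    XMP metadata stream (no xref table; enough for a byte-level scan)."""
    annots = "".join(
        "<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
        f"/A << /S /URI /URI ({u}) >> >> " for u in urls)
    xmp = ('<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           'xmlns:pdfaid="http://www.aiim.org/pdfa/ns/id/"></rdf:RDF>')
    return ("%PDF-1.4\n"
            "1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n"
            "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{annots}] >> endobj\n"
            f"4 0 obj << /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
            f"stream\n{xmp}\nendstream endobj\n"
            "trailer << /Root 1 0 R >>\n%%EOF\n").encode("latin-1")


def extract_urls(pdf_bytes):
    """Group URIs by the channel that carried them. Caveat: this scans raw
    bytes, so FlateDecode'd object streams must be inflated first (for
    example with qpdf --stream-data=uncompress) before the regexes see them."""
    return {
        "link_annotation": [m["uri"].decode("latin-1") for m in URI_ACTION.finditer(pdf_bytes)],
        "xmp_namespace": [m["uri"].decode("latin-1") for m in XMLNS_DECL.finditer(pdf_bytes)],
    }


def score_link_farm(pdf_bytes, max_size=200_000, min_links=10, min_host_share=0.8):
    """Assumed re-implementation of the PDF_SEO_LINK_FARM heuristic: a small
    file with many external .pdf link annotations, most on a single host.
    Only link annotations count; XMP namespace URIs are ignored on purpose."""
    links = extract_urls(pdf_bytes)["link_annotation"]
    pdf_links = [u for u in links
                 if urlparse(u).scheme in ("http", "https")
                 and urlparse(u).path.lower().endswith(".pdf")]
    result = {"flag": False, "size": len(pdf_bytes), "pdf_links": len(pdf_links),
              "top_host": None, "top_host_share": 0.0}
    if pdf_links:
        host, n = Counter(urlparse(u).hostname for u in pdf_links).most_common(1)[0]
        result.update(top_host=host, top_host_share=n / len(pdf_links))
        result["flag"] = (len(pdf_bytes) <= max_size and len(pdf_links) >= min_links
                          and result["top_host_share"] >= min_host_share)
    return result


if __name__ == "__main__":
    for name, urls in (("farm", FARM_URLS), ("benign", BENIGN_URLS)):
        doc = build_sample_pdf(urls)
        print(name, score_link_farm(doc), extract_urls(doc)["xmp_namespace"])
```

On a real sample, run the file through `qpdf --stream-data=uncompress in.pdf out.pdf` first so that annotations stored inside compressed object streams are visible to the byte scan; the channel split is what keeps the RDF, Dublin Core and PDF/A namespace URIs from the metadata packet out of the link-farm count.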