Malicious PDF — malware analysis report

Static analysis result for SHA-256 f34afa71b5508548…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2018-12-07 18:27:35 +03:00
Authoring application: Arbortext Publishing Engine (via PDFlib+PDI 8.0.2p1 (Win32))
MD5: c78419f20ec3f1bd205e53186140e179
SHA-1: 472e26d6c8b913b967d8fe8c9305cd9a70057f9c
SHA-256: f34afa71b55085480266aece91b9b1dd6af112ce979d6dfc67ffdda8031a28e5
Risk score: 72

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains embedded URLs pointing to external documents, and a heuristic indicates visible command execution instructions. The ML classifier also flagged the PDF as malicious. The primary attack pattern involves tricking the user into downloading a malicious file from the provided URL, likely leading to further compromise.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8452

Heuristics (3)

  • Visible LOLBin command execution instruction (severity: high, rule: SE_LOLBIN_RUN_COMMAND)
    Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.