Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9ce6ab27a57566f…

Verdict: MALICIOUS
File type: PDF
Size: 47.4 KB
Created: 2018-11-26 20:03:20 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 für Macintosh)
MD5: 99d227e3de98b4cc8dfae813b95e517e
SHA-1: 818635634c7863406fc60a8ca69e7e3c529f0370
SHA-256: f9ce6ab27a57566fa6516e93f8adbb800cdbb5a2474314cd7c1f7bade10d056c
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of external links to other PDF files hosted on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute a variety of malicious documents. No scripts were extracted, and the document body was not readable, limiting the ability to determine a more specific attack pattern or family. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8550

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/profiles-of-drug-substances-excipients-and-related-methodology-volume-30.pdf
    • http://www.gorillawalker.com/na-zdorovie.pdf
    • http://www.gorillawalker.com/island-of-shame-the-secret-history-of-the-u-s.pdf
    • http://www.gorillawalker.com/the-madam-the-soiled-dove-series-book-5.pdf
    • http://www.gorillawalker.com/enslaved-by-the-tentacle-god.pdf
    • http://www.gorillawalker.com/do-you-really-want-to-meet-a-crocodile.pdf
    • http://www.gorillawalker.com/core-engineering-concepts-for-students-and-professionals.pdf
    • http://www.gorillawalker.com/kung-fu-san-soo-basics-an-introduction-to-chinese-self.pdf
    • http://www.gorillawalker.com/responsible-librarianship-library-policies-for-unreliable-systems.pdf
    • http://www.gorillawalker.com/canada-u-s-free-trade-agreement-implications-opportunities-and-challenges.pdf
    • http://www.gorillawalker.com/vous-tes-fous-d-avaler-a-un-industriel-de-l.pdf
    • http://www.gorillawalker.com/alex-me-how-a-scientist-and-a-parrot-uncovered-a.pdf
    • http://www.gorillawalker.com/novenario-de-difuntos-spanish-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/rigby-on-our-way-to-english-bookroom-package-grade-3.pdf
    • http://www.gorillawalker.com/managerial-economics-business-strategy.pdf
    • http://www.gorillawalker.com/the-catholic-book-of-character-and-success.pdf
    • http://www.gorillawalker.com/totality-and-infinity-at-50.pdf
    • http://www.gorillawalker.com/fashion-design-workshop-drawing-book-kit-includes-everything-you-need.pdf
    • http://www.gorillawalker.com/the-wiersbe-bible-study-series-hebrews-live-by-faith-not.pdf
    • http://www.gorillawalker.com/a-primer-on-sustainable-building.pdf
    • http://www.gorillawalker.com/reconstruction-america-s-unfinished-revolution-1863-1877-new-american-nation.pdf
    • http://www.gorillawalker.com/quiet-new-york.pdf
    • http://www.gorillawalker.com/prosopopeyas-de-eros-cuentos-spanish-edition.pdf
    • http://www.gorillawalker.com/nasal-physiology-and-pathophysiology-of-nasal-disorders.pdf
    • http://www.gorillawalker.com/grandi-capolavori-per-tromba-pezzi-facili-di-bach-beethoven-brahms.pdf
    • http://www.gorillawalker.com/amante-desatado-la-hermandad-de-la-daga-negra-5-spanish.pdf
    • http://www.gorillawalker.com/great-book-of-britains-100-years-of-britains-toy-soldiers.pdf
    • http://www.gorillawalker.com/a-field-manual-of-acoustic-phonetics.pdf
    • http://www.gorillawalker.com/all-we-are-saying-the-last-major-interview-with-john.pdf
    • http://www.gorillawalker.com/ebony-obsession-interracial-romance-erotica-deon-macqueen-esquire-book-4.pdf
    • http://www.gorillawalker.com/the-return-heritage-of-horror-series-kindle-edition.pdf
    • http://www.gorillawalker.com/the-pan-american-games-los-juegos-panamericanos-a-statistical-history.pdf
    • http://www.gorillawalker.com/dentro-de-la-mente-sexual-del-hombre-aries-spanish-edition.pdf
    • http://www.gorillawalker.com/quality-assurance-in-the-offshore-oil-and-gas-industry-petroleum.pdf
    • http://www.gorillawalker.com/goldfrank-s-toxicologic-emergencies.pdf
    • http://www.gorillawalker.com/trumpet-concerto-in-e-flat.pdf
    • http://www.gorillawalker.com/an-expert-s-smart-strategy-guide-to-winning-at-craps.pdf
    • http://www.gorillawalker.com/l-enfant-prodigue-recit-et-air-de-lia-for-theatre.pdf
    • http://www.gorillawalker.com/incredible-hulk-1962-1999-399.pdf
    • http://www.gorillawalker.com/irish-folk-trad-blues-a-secret-history.pdf
    • http://www.gorillawalker.com/d
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/