Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc00e6d257ffe93c…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2018-11-30 20:56:41 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: 68a3d1aba4b9af2ccffac2258a250f89
SHA-1: 797718797146cc57368fcffffc9188d38c5dac5a
SHA-256: fc00e6d257ffe93ccf46af0f0d5bea5a21cce8ee0cb7c55e75d64cccba779fb1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

A heuristic fired on the large number of external links embedded in the PDF, which point to PDF files on 'gorillawalker.com'. This suggests a link farm or SEO manipulation tactic. The ML classifier also flagged the PDF as malicious. Although no scripts were extracted, the sheer volume of links and the ML score indicate a high likelihood of malicious intent, possibly to distribute further malware or to support phishing. The likely attack pattern is a lure to a malicious website or resource.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.