Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc77f48a9cf02952…

MALICIOUS

PDF

45.9 KB Created: 2018-12-14 21:14:24 +03:00 Authoring application: Adobe InDesign CS6 (Windows) (via Adobe PDF Library 10.0.1)
MD5: db97f624cb6eaf2e047955cf7c2df3af SHA-1: 49bc07fe68d6b73020b49f7bb5b713dfd38cca7f SHA-256: fc77f48a9cf02952fb59577a8fcec233c2f4e13cdd29593832d61945ebb44475
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute malicious content via numerous PDF links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/small-scale-grain-raising-an-organic-guide-to-growing-processing.pdf
    • http://www.gorillawalker.com/the-accurate-rifle.pdf
    • http://www.gorillawalker.com/garou-black-widow.pdf
    • http://www.gorillawalker.com/color-design-transforming-interior-space.pdf
    • http://www.gorillawalker.com/philosophy-in-the-middle-ages-the-christian-islamic-and-jewish.pdf
    • http://www.gorillawalker.com/ancient-trees-trees-that-live-for-a-thousand-years.pdf
    • http://www.gorillawalker.com/adobe-premiere-elements-pour-les-nuls-french-edition.pdf
    • http://www.gorillawalker.com/all-our-yesterdays-cross-stitch-collection-33-charming-designs-from.pdf
    • http://www.gorillawalker.com/atlas-of-tanganyika-third-edition-with-transparent-population-overlay-now.pdf
    • http://www.gorillawalker.com/chocolate-step-by-step-practical-recipes.pdf
    • http://www.gorillawalker.com/the-official-scrabble-players-dictionary-third-edition.pdf
    • http://www.gorillawalker.com/hegemony-or-survival-america-s-quest-for-global-dominance-unabridged.pdf
    • http://www.gorillawalker.com/german-twin-engine-bombers-of-world-war-ii.pdf
    • http://www.gorillawalker.com/webster-s-wine-price-guide-the-complete-wine-buyer-s.pdf
    • http://www.gorillawalker.com/the-lancet-london-a-journal-of-british-and-foreign-medicine.pdf
    • http://www.gorillawalker.com/tough-minded-management-a-guide-for-managers-who-are-too.pdf
    • http://www.gorillawalker.com/yogurt-parfait-ricette-italian-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/divorce-legal-procedures-and-financial-facts.pdf
    • http://www.gorillawalker.com/se-venden-gorras-caps-for-sale.pdf
    • http://www.gorillawalker.com/communio-sanctorum-the-church-as-the-communion-saints-unitas-books.pdf
    • http://www.gorillawalker.com/power-play-mack-bedford.pdf
    • http://www.gorillawalker.com/larry-johnson-trd-pb-millbrook-sports-world.pdf
    • http://www.gorillawalker.com/innovative-telemarketing-and-consumer-fraud-in-oregon-and-the-northwest.pdf
    • http://www.gorillawalker.com/c-reactive-protein-everthing-you-need-to-know-about-it.pdf
    • http://www.gorillawalker.com/discovering-fiction-level-1-student-s-book-a-reader-of.pdf
    • http://www.gorillawalker.com/the-classic-ten-the-true-story-of-the-little-black.pdf
    • http://www.gorillawalker.com/engineering-flow-and-heat-exchange.pdf
    • http://www.gorillawalker.com/practical-scientific-computing-woodhead-publishing-in-mathematics.pdf
    • http://www.gorillawalker.com/twenty-boy-summer.pdf
    • http://www.gorillawalker.com/the-best-recorder-method-yet-book-1-c-soprano-or.pdf
    • http://www.gorillawalker.com/joyce-and-wagner-a-study-of-influence.pdf
    • http://www.gorillawalker.com/great-hikes-in-the-poconos-and-northeast-pennsylvania.pdf
    • http://www.gorillawalker.com/tachdjian-s-pediatric-orthopaedics-from-the-texas-scottish-rite-hospital.pdf
    • http://www.gorillawalker.com/kels-the-kohlman-evaluation-of-living-skills.pdf
    • http://www.gorillawalker.com/conceptual-modeling-for-discrete-event-simulation.pdf
    • http://www.gorillawalker.com/scotty-s-pictorial-motorcycle-toy-price-guide-from-the-1920.pdf
    • http://www.gorillawalker.com/chomsky-language-mind-and-politics.pdf
    • http://www.gorillawalker.com/gurps-deadlands-varmints.pdf
    • http://www.gorillawalker.com/introduction-to-cardiac-arrhythmia-interpretation-kit.pdf
    • http://www.gorillawalker.com/superconducting-materials-advances-in-technology-and-applications.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.