Malicious PDF — malware analysis report

Static analysis result for SHA-256 021fd01baeb5ea31…

MALICIOUS

PDF

Size: 41.8 KB
Created: 2019-03-18 01:21:35 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5) (via Adobe PDF Library 9.9)
MD5: efc4bf936c13ccbdf409ff680a467d0d
SHA-1: 68149fd3606ebccd6015c476f113b3d94c62fcfc
SHA-256: 021fd01baeb5ea31ceec387713402823fda775c659f9adea9dd67a8d35b4b8d2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be directing users to a vast collection of documents on gorillawalker.com, potentially for SEO spam or to host malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.