Malicious PDF — malware analysis report

Static analysis result for SHA-256 08e98de705aaf9f2…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-12-15 20:07:35 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: 0dd766c0fce3abc765c4d902989a9acc
SHA-1: 2cae79a404783d9a007e95b7a7a26dd618b50b5c
SHA-256: 08e98de705aaf9f2cefd62e47e5258bb08378311bc7fe2f669a186ef0af8db9b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary goal appears to be directing users to a large collection of documents hosted on www.gorillawalker.com, potentially for SEO poisoning or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.