Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d8579c8d6969ddd…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-15 20:05:15 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 2db015d0666fb713a3d4d0c264124ba2
SHA-1: 9d89d807eb666d0a5f25afc067575b86c76e71c2
SHA-256: 0d8579c8d6969ddd62ebf1aaa535bec9a6a413d4def60eabccf0a5808159842b
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with a high probability.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.