Malicious PDF — malware analysis report

Static analysis result for SHA-256 0dea17822ee490f2…

Verdict: MALICIOUS
File type: PDF
Size: 46.7 KB
Created: 2018-12-15 20:09:33 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 7fea55f948102cb5cd74fe18f42e904f
SHA-1: 51c00454df777f325f3ed6e08143f0f86b990bec
SHA-256: 0dea17822ee490f23527748c1690544eb20920c020dfd4d65e49f9a94a72a790
Risk score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of embedded links to external PDF files, primarily hosted on 'gorillawalker.com'. This pattern is indicative of a link farm, often used for SEO manipulation or to distribute a variety of content, potentially including malicious payloads. While no specific script was analyzed for malicious intent, the sheer volume and nature of the links suggest a coordinated effort to direct users to external resources. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection: see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: stream_000_off00000209.js
    Hash (SHA-256): acb5314b5fc8fb4f369d9dee90b0682002376a299c1efbb33c1c3953a8d6274c
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x209
    Size: 13788 bytes