Malicious PDF — malware analysis report

Static analysis result for SHA-256 0fd3dc469086633b…

MALICIOUS

PDF

Size: 35.2 KB
Created: 2019-05-24 00:42:09 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 3d39e25bfe9c737f895a0baaf14d3efb
SHA-1: 9a4c86ded2984a476a53c81714639253bff4eaf4
SHA-256: 0fd3dc469086633b6992541bd5d77d5442c17572ee6c1f6c0e273f38832bcfb4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

A heuristic fired on this PDF, indicating a link farm of 32 external PDF files. The majority of the embedded URLs point to PDFs hosted on www.gorillawalker.com, suggesting a coordinated effort to direct users to a large number of resources. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5172

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.