Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ff910351099954d…

MALICIOUS

PDF

Size: 43.2 KB
Created: 2018-11-30 20:24:51 +03:00
Authoring application: QuarkXPress¢â: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: 50d8c139871caafbc0dd94a7bd2f064a
SHA-1: 197c49fed062f66be20ab6723d84c9c585b7b34e
SHA-256: 0ff910351099954dac04da8633e146dc076b595479884d9a1414967b62a0f2f4
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample was identified as malicious by an ML classifier and triggered a critical heuristic for a PDF link farm. It contains numerous embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. The document body is heavily obfuscated and unreadable, but the presence of a large number of external links suggests an attempt to manipulate search engine results or redirect users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8452

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.