Malicious PDF — malware analysis report

Static analysis result for SHA-256 1b5b28313c2ec783…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-30 20:34:06 +03:00
Authoring application: Adobe PageMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: f9c3790aa84158f95a0076fa47e280fe
SHA-1: 3b43a8e05d8fb916599e936be20beef88a269244
SHA-256: 1b5b28313c2ec7835905d80ac517b94ce92ab623ac94d8c9bbb8db67fe69f3de
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'gorillawalker.com'. This heuristic, combined with the ML classifier's high confidence, suggests a link-farming or redirection tactic. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links indicates a malicious intent to drive traffic to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.