Malicious PDF — malware analysis report

Static analysis result for SHA-256 1ca3e4fd5f89f71d…

MALICIOUS

PDF

Size: 43.0 KB
Created: 2019-04-07 18:03:32 +03:00
Authoring application: PageMaker 7.0 (via Acrobat Distiller 7.0 (Windows))
MD5: ebe2ece51e12b84826877e4baf8b6de5
SHA-1: f01fe4cd73b5488176df0993399315877274a408
SHA-256: 1ca3e4fd5f89f71dcd52b649d21aa79cd5ce3196b2e8d7cc5dd26a1c633088cc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this file as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com, likely for SEO poisoning or to serve additional malicious content. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.