Malicious PDF — malware analysis report

Static analysis result for SHA-256 1de670c57d5c71b2…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-11-15 19:34:37 +03:00
Authoring application: Acrobat PDFMaker 7.0 for Publisher (via Acrobat Distiller 7.0 (Windows))
MD5: 4cbdd8ee9bd999dbd3298941ff858f5e
SHA-1: 4f6fe48934b338f368dd1becde1b23923683ca00
SHA-256: 1de670c57d5c71b2f416edbf08cb5e8e04f3bdf08ad92f56a7b586528d052129
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links predominantly point to the 'gorillawalker.com' domain, suggesting a coordinated effort to manipulate search engine results or to distribute content through a link farm. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.