Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e055e06e2719a52…

Verdict: MALICIOUS
File type: PDF
Size: 43.2 KB
Created: 2018-12-28 08:09:13 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh), via 3-Heights(TM) PDF Optimization Shell 4.6.23.0 (http://www.pdf-tools.com)
MD5: d1209dd7c1f211a8052569ee8db55edc
SHA-1: 1fd308480f4afab2e96b21b0000df81f982690d4
SHA-256: 1e055e06e2719a529e751c39ac7c3133fdf3329577a7366280236d899f0d2661
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The document carries an unusually large number of clickable external links, flagged by the PDF_SEO_LINK_FARM heuristic. The links point to further PDF files on a single host, www.gorillawalker.com, with file names that read as book titles. The ML_NYX_PDF_MALICIOUS classifier also scored the document as malicious. The pattern is consistent with a generated SEO link-farm carrier: the PDF exists to redirect users who click its links to other malicious or unwanted content rather than to serve as a normal document.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8452

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL labels state which channel (macro, JavaScript, link annotation, document body, ...) reached each one. The www.gorillawalker.com entries below are the clickable link targets counted by the link-farm heuristic. The http://www.w3.org/..., http://purl.org/..., http://ns.adobe.com/... and http://www.aiim.org/pdfa/... entries are XMP namespace identifiers from the metadata packet, and http://www.pdf-tools.com comes from the producer string; these occur in ordinary PDF/A-style files and should not be counted as external links.
    • http://www.gorillawalker.com/cosmopolitan-mediation-conflict-resolution-and-the-oslo-accords-new-approaches.pdf
    • http://www.gorillawalker.com/the-communist-experience-in-the-twentieth-century-a-global-history.pdf
    • http://www.gorillawalker.com/control-high-blood-pressure.pdf
    • http://www.gorillawalker.com/stereoselective-heterocyclic-synthesis-iii-topics-in-current-chemistry.pdf
    • http://www.gorillawalker.com/build-your-own-pc-do-it-yourself-for-dummies.pdf
    • http://www.gorillawalker.com/funny-read-aloud-plays-with-leveled-parts-12-reproducible-high.pdf
    • http://www.gorillawalker.com/the-southern-frontiers-1607-1860-the-agricultural-evolution-of-the.pdf
    • http://www.gorillawalker.com/instructor-s-manual-test-bank-for-public-relations-strategies-and.pdf
    • http://www.gorillawalker.com/easter-crafts-craftbooks.pdf
    • http://www.gorillawalker.com/written-in-stone-a-geological-and-natural-history-of-the.pdf
    • http://www.gorillawalker.com/leaders-and-loyalty.pdf
    • http://www.gorillawalker.com/preaching-through-the-year-of-mark-sermons-that-work.pdf
    • http://www.gorillawalker.com/the-ancient-history-of-the-eqyptians-carthaginians-assyrians-babylonians-medes.pdf
    • http://www.gorillawalker.com/sherris-medical-microbiology-5th-fifth-edition-byryan.pdf
    • http://www.gorillawalker.com/basketball-in-the-pac-10-conference-inside-men-s-college.pdf
    • http://www.gorillawalker.com/campaigns-and-elections-players-and-processes.pdf
    • http://www.gorillawalker.com/2013-washington-state-adult-sentencing-guidelines-manual.pdf
    • http://www.gorillawalker.com/architecture-of-the-sun-los-angeles-modernism-1900-1970.pdf
    • http://www.gorillawalker.com/empty-arms-coping-with-miscarriage-stillbirth-and-infant-death.pdf
    • http://www.gorillawalker.com/a-new-dawn-kindle-edition.pdf
    • http://www.gorillawalker.com/costa-rica-panama-2015-reise-0840.pdf
    • http://www.gorillawalker.com/magia-con-angeles-spanish-edition.pdf
    • http://www.gorillawalker.com/design-and-construction-of-levees-engineering-and-design.pdf
    • http://www.gorillawalker.com/sales-and-distribution-management-text-and-cases.pdf
    • http://www.gorillawalker.com/liebesl.pdf
    • http://www.gorillawalker.com/soledad-a-novel.pdf
    • http://www.gorillawalker.com/over-the-top-how-the-internet-is-slowly-but-surely.pdf
    • http://www.gorillawalker.com/a-regency-christmas-eve-signet-regency-romance.pdf
    • http://www.gorillawalker.com/a-dictionary-of-the-bible-dealing-with-its-language-literature.pdf
    • http://www.gorillawalker.com/riemannian-geometry-and-geometric-analysis-universitext.pdf
    • http://www.gorillawalker.com/the-everything-family-christmas-book-stories-songs-recipes-crafts-traditions.pdf
    • http://www.gorillawalker.com/shadow-son-of-phantom-shadow-son-of-phantom-hoof-beats.pdf
    • http://www.gorillawalker.com/sometimes-i-feel.pdf
    • http://www.gorillawalker.com/the-dreame-weep-you-no-more-sad-fountains-from-sense.pdf
    • http://www.gorillawalker.com/abcs-of-building-model-railroad-cars.pdf
    • http://www.gorillawalker.com/ludovico-einaudi-una-mattina.pdf
    • http://www.gorillawalker.com/corse-aa-road-map-france.pdf
    • http://www.gorillawalker.com/claim-bonds-book-2-kindle-edition.pdf
    • http://www.gorillawalker.com/beginning-visual-c-components.pdf
    • http://www.gorillawalker.com/ch-ang-hon-taekwon-do-hae-sul-real-applications-to.pdf
    • http://www.gorillawalker.com/the-southern-frontiers-1607-1860-the-agricult
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://www.pdf-tools.com
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    (1 further URL not shown)
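The two heuristics above (PDF_SEO_LINK_FARM and EMBEDDED_URL) come down to one measurement: how many clickable external links a small PDF carries and how strongly they cluster on one host, with the XMP namespace URIs kept out of the count. The script below is an added triage example, not the report's own tooling; it parses /URI actions out of raw PDF bytes, builds its own constructed sample PDFs offline, and uses assumed thresholds (size, link count, host share) and placeholder hosts rather than anything from the sample above.

```python
"""Added example, not the report's tooling: score a PDF against the
PDF_SEO_LINK_FARM idea by counting clickable external links (/Link
annotations with /URI actions) and measuring how strongly they cluster on
one host, while ignoring the XMP namespace URIs every metadata packet has.
Thresholds, hosts and sample URLs are assumptions for illustration."""
import re
from collections import Counter
from urllib.parse import urlparse

# A clickable link is a /URI action. XMP namespace declarations such as
# xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" are identifiers
# present in any PDF/A-style file and are not links.
URI_ACTION_RE = re.compile(rb"/URI\s*\((?P<uri>(?:\\.|[^\\)])*)\)")
XMLNS_RE = re.compile(rb'xmlns:\w+="([^"]+)"')


def extract_link_uris(pdf_bytes):
    """Return the target of every /URI action, undoing PDF string escapes."""
    uris = []
    for m in URI_ACTION_RE.finditer(pdf_bytes):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group("uri"))
        uris.append(raw.decode("latin-1"))
    return uris


def extract_xmp_namespaces(pdf_bytes):
    """Namespace URIs from the XMP packet: reported separately, never counted."""
    return [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf_bytes)]


def link_farm_score(pdf_bytes, max_size=200_000, min_links=10, min_cluster=0.8):
    """Assumed thresholds: a file no larger than max_size with at least
    min_links external links, of which a min_cluster share hit one host."""
    external = [u for u in extract_link_uris(pdf_bytes)
                if urlparse(u).scheme in ("http", "https")]
    hosts = Counter(urlparse(u).netloc.lower() for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    cluster = top_count / len(external) if external else 0.0
    return {
        "size": len(pdf_bytes),
        "external_links": len(external),
        "pdf_targets": sum(urlparse(u).path.lower().endswith(".pdf") for u in external),
        "top_host": top_host,
        "top_host_share": round(cluster, 3),
        "xmp_namespaces_ignored": len(extract_xmp_namespaces(pdf_bytes)),
        "link_farm": len(pdf_bytes) <= max_size and len(external) >= min_links
                     and cluster >= min_cluster,
    }


def _pdf_string(s):
    """Escape text as the body of a PDF literal string."""
    return (s.encode("latin-1").replace(b"\\", b"\\\\")
            .replace(b"(", b"\\(").replace(b")", b"\\)"))


def build_sample_pdf(urls):
    """Construct a small, well-formed PDF: one page with a /Link annotation
    per URL plus an XMP metadata stream. Constructed input, not the sample."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/" '
           b'xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/></x:xmpmeta>')
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once the annotation numbers are known
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
        + xmp + b"\nendstream",
    ]
    annots = []
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 10] "
                    b"/A << /S /URI /URI (" + _pdf_string(u) + b") >> >>")
        annots.append(b"%d 0 R" % len(objs))
    objs[2] = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
               + b" ".join(annots) + b"] >>")
    out, offsets = b"%PDF-1.4\n", []
    for num, obj in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref))
    return out


# Constructed inputs: forty "book" PDFs on one placeholder host plus one
# outlier, and a two-link control document that should not trigger.
FARM_PDF = build_sample_pdf(
    ["http://farm.example/book-%02d.pdf" % i for i in range(40)]
    + ["https://other.example/about.pdf"])
CONTROL_PDF = build_sample_pdf(
    ["https://publisher.example/paper.pdf", "https://doi.example/10.1234/x"])

if __name__ == "__main__":
    for name, pdf in (("farm", FARM_PDF), ("control", CONTROL_PDF)):
        print(name, link_farm_score(pdf))
```

The regex approach deliberately avoids a PDF library so it also works on damaged or truncated files, but it only sees /URI actions written as plain literal strings; a sample that hides its links inside object streams or hex strings needs a decompressing parser (pdfminer, pypdf, peepdf) run first, and any verdict should still be read alongside the per-URL channel labels.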