Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e080c92bbebd76c…

MALICIOUS

PDF

Size: 33.7 KB
Created: 2019-12-13 02:22:28 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.0.0 (Windows))
MD5: e0289f0df0b4207faff0045a5124285c
SHA-1: d247790759172706d0068c0913d21b90aa3408d7
SHA-256: 1e080c92bbebd76c945a9da703c869a5ea24f6003792e26b7148d7d0372bcc5d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary attack pattern appears to be a link farm designed to direct users to a large collection of PDFs hosted on www.gorillawalker.com, potentially for SEO manipulation or to serve as a distribution point for other malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8261

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.