Malicious PDF — malware analysis report

Static analysis result for SHA-256 2283d52a0e729541…

MALICIOUS

PDF

Size: 44.5 KB
Created: 2018-11-14 11:21:25 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: dbcc53cab0c3fe8269624e645011fb46
SHA-1: 6c4d359051849fd4fedc7d3fba388dc5313cafb3
SHA-256: 2283d52a0e7295417871da83c4ebebdf0b2c0ab4e480ceb40dcfcd206d7f2fbd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of embedded external links, indicating a potential link farm or a distribution point for malicious content. The primary heuristic is "PDF_SEO_LINK_FARM", triggered by 32 external links predominantly hosted on www.gorillawalker.com. While no scripts were extracted, the sheer volume of links suggests malicious intent, possibly to direct users to phishing sites or to download further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.