Malicious PDF — malware analysis report

Static analysis result for SHA-256 250b17d22d6169d7…

Verdict: MALICIOUS

File type: PDF

Size: 34.3 KB
Created: 2019-12-13 20:16:32 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: 8217cad367da360a7492515ea54ec766
SHA-1: 896cc3f5695417c8f085e4e8b6af19694a72a8eb
SHA-256: 250b17d22d6169d77848ee802784875dc8b49350352922d7cf214a3aec4d7bb5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on gorillawalker.com. The heuristic hit suggests the document is part of a link farm or SEO spam campaign, potentially designed to distribute further malicious content or lead users to phishing sites. The primary attack pattern relies on these embedded links.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8261)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.