Malicious PDF — malware analysis report

Static analysis result for SHA-256 283d364c18df864e…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-11-30 20:31:40 +03:00
Authoring application: FrameMaker 5.5.6. (via Acrobat Distiller 4.05 for Sparc Solaris)
MD5: 38bf8383d37504b94941e850865ce5b5
SHA-1: 9c8c2b7e5d2b070768616edd292dceb28c285f2e
SHA-256: 283d364c18df864e30686eb19aece26c8a5a0578c8eb6e20ae83f621f2e344de
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, primarily hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a phishing lure designed to direct users to a high volume of content, potentially for SEO manipulation or to host malicious payloads disguised as legitimate documents. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.