Malicious PDF — malware analysis report

Static analysis result for SHA-256 29c025b3076814af…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2019-02-12 18:31:14 +03:00
Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 6.0 (Windows))
MD5: 68b83482cc0be23e763f9527528a0838
SHA-1: 58e14bbf6764597f59d49311e3222593adeeb179
SHA-256: 29c025b3076814afa8660a7b9cff7fcad69574b50516b9a3fbdec1b57390cc46
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a mass of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to numerous PDF files on the domain www.gorillawalker.com. This suggests a tactic to manipulate search engine results or to distribute a large number of potentially malicious documents. The ML_NYX_PDF_MALICIOUS heuristic further supports the malicious nature of the file. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.