Malicious PDF — malware analysis report

Static analysis result for SHA-256 29d720e270c78e17…

MALICIOUS

PDF

Size: 45.3 KB
Created: 2018-11-14 11:32:50 +03:00
Authoring application: Adobe Illustrator CS5.1 (via GPL Ghostscript 9.10)
MD5: 97b97566a0d663299497d0f2255655bf
SHA-1: 7e26542ebcf374936e1398865b473019b673e2e7
SHA-256: 29d720e270c78e178e84f98f1ca7af83852de280c3bfc2b39f2dcad82aa77fda
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links, primarily pointing to PDF files on www.gorillawalker.com. This behavior is indicative of a link farm or a technique to distribute malicious content indirectly. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.