Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c2f740183bf7355…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2018-12-15 08:11:42 +03:00
Authoring application: PDFCreator Version 0.8.0 (via AFPL Ghostscript 8.14)
MD5: 1c0eab104c683ab4cf89b9ed738fae2b
SHA-1: 8327288546fc7ad7f5d01e77ed858708e8b17e90
SHA-256: 2c2f740183bf73559389eb1897d5f31127f495feed614cf72bc64abb113f760c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment; T1204.002 Malicious File (the PDF itself); T1204.001 Malicious Link (the embedded link annotations)

The PDF carries a large number of link annotations, nearly all pointing at other .pdf paths on the single host www.gorillawalker.com. That pattern is characteristic of a link farm or SEO poisoning campaign, built to funnel search traffic into a large collection of generated documents. No JavaScript or other scripts were extracted, and the document body was heavily obfuscated, so a more specific user-facing lure could not be determined.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/symmetry-groups-in-nuclear-and-particle-physics-lecture-note-and.pdf
    • http://www.gorillawalker.com/day-hikes-in-grand-teton-national-park-4th.pdf
    • http://www.gorillawalker.com/anarcho-syndicalism-pluto-classics.pdf
    • http://www.gorillawalker.com/a-girl-in-a-large-rectangle-a-collection-of-poetry.pdf
    • http://www.gorillawalker.com/god-came-near-the-bestseller-collection.pdf
    • http://www.gorillawalker.com/rushing-to-armageddon-the-shocking-truth-about-canada-missile-defence.pdf
    • http://www.gorillawalker.com/the-doors-you-mark-are-your-own-joshua-city-trilogy.pdf
    • http://www.gorillawalker.com/tcp-ip-lean-web-servers-for-embedded-systems-second-edition.pdf
    • http://www.gorillawalker.com/treasure-yourself-power-thoughts-for-my-generation.pdf
    • http://www.gorillawalker.com/the-roy-orbison-guitar-songbook-guitar-songbook-edition.pdf
    • http://www.gorillawalker.com/the-song-of-the-nibelungs-a-verse-translation-from-the.pdf
    • http://www.gorillawalker.com/bhajanamritam-2.pdf
    • http://www.gorillawalker.com/gymnastics-during-pregnancy-and-postpartum-recovery-operation.pdf
    • http://www.gorillawalker.com/autoimmunity-part-a-basic-principles-and-new-diagnostic-tools-volume.pdf
    • http://www.gorillawalker.com/oikismoi-architektonike-akama-greek-edition.pdf
    • http://www.gorillawalker.com/robot-voyagers-robozones.pdf
    • http://www.gorillawalker.com/creating-schools-that-heal-real-life-solutions.pdf
    • http://www.gorillawalker.com/analog-organic-electronics-building-blocks-for-organic-smart-sensor-systems.pdf
    • http://www.gorillawalker.com/malayalam-english-english-malayalam-dictionary-phrasebook-malayalam-edition.pdf
    • http://www.gorillawalker.com/principles-and-practice-of-echocardiography.pdf
    • http://www.gorillawalker.com/corazones-maltratados-c-mo-salvar-tu-familia-de-los-estragos.pdf
    • http://www.gorillawalker.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-arabic-edition.pdf
    • http://www.gorillawalker.com/international-law-reports-volume-83.pdf
    • http://www.gorillawalker.com/mccracken-s-removable-partial-prosthodontics-international-edition.pdf
    • http://www.gorillawalker.com/son-of-liberty-no-apology.pdf
    • http://www.gorillawalker.com/guatemalan-caudillo-the-regime-of-jorge-ubico-guatemala-1933-to.pdf
    • http://www.gorillawalker.com/western-mining-an-informal-account-of-precious-metals-prospecting-placering.pdf
    • http://www.gorillawalker.com/child-abuse-an-personal-perspective-kindle-edition.pdf
    • http://www.gorillawalker.com/a-history-of-greek-philosophy-volume-3-the-fifth-century.pdf
    • http://www.gorillawalker.com/the-heidenmauer-or-the-benedictines-a-legend-of-the-rhine.pdf
    • http://www.gorillawalker.com/the-antidote-happiness-for-people-who-can-t-stand-positive.pdf
    • http://www.gorillawalker.com/fluorescence-in-situ-hybridization-fish-application-guide.pdf
    • http://www.gorillawalker.com/little-brats-bundle-taboo-older-younger-spanking-bareback-erotica.pdf
    • http://www.gorillawalker.com/before-france-and-germany-the-creation-and-transformation-of-the.pdf
    • http://www.gorillawalker.com/baby-help-hamilton-high-series.pdf
    • http://www.gorillawalker.com/discurso-criollista-en-la-formacion-de-la-argentina-coleccion-historia.pdf
    • http://www.gorillawalker.com/map-kinase-signaling-protocols-methods-in-molecular-biology.pdf
    • http://www.gorillawalker.com/democracy-without-competition-in-japan-opposition-failure-in-a-one.pdf
    • http://www.gorillawalker.com/ukrainians-of-metropolitan-detroit-images-of-america.pdf
    • http://www.gorillawalker.com/reussir-les-sauces-et-les-vinaigrettes-la-cuisine-v.pdf
    • http://www.gorillawalker.com/the-doors-you-mark-are-yo
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
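As an added example, not the scanner's own code, the stdlib-only Python below reproduces both heuristics above on a constructed PDF. It extracts URLs by channel, separating clickable /URI link actions from XMP xmlns declarations (the last nine entries in the list above are namespace identifiers of that second kind, not navigation targets), inflates FlateDecode streams so compressed metadata is visible, and then applies a PDF_SEO_LINK_FARM-style rule over the link-annotation channel only. The thresholds, the host www.example.test and the generated sample document are assumptions for illustration; a production parser should walk the object graph rather than regex over raw bytes.

```python
"""Stdlib-only triage for the two detections above (illustrative, not the report's tool)."""
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Thresholds are assumptions for this example, not the scanner's real tuning.
MAX_SIZE_BYTES = 200 * 1024   # "small PDF"
MIN_LINKS = 10                # "many clickable external links"
MIN_HOST_SHARE = 0.8          # "mostly clustered on one host"
MIN_PDF_SHARE = 0.8           # links that themselves point at .pdf paths

_STREAM_HDR_RE = re.compile(rb"<<([^>]*)>>\s*stream\r?\n")   # flat dicts only
_LEN_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")         # direct /Length only
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")           # literal strings, not <hex>
_XMLNS_RE = re.compile(rb'xmlns:\w+="([^"]+)"')

def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream with a direct /Length,
    so URLs inside compressed metadata or object streams become visible."""
    extra = []
    for m in _STREAM_HDR_RE.finditer(data):
        hdr, ln = m.group(1), _LEN_RE.search(m.group(1))
        if b"/FlateDecode" not in hdr or ln is None:
            continue
        body = data[m.end(): m.end() + int(ln.group(1))]
        try:
            extra.append(zlib.decompress(body))
        except zlib.error:
            pass  # corrupt or multi-filter stream: skip rather than abort triage
    return data + b"\n" + b"\n".join(extra)

def _unescape(s: bytes) -> str:
    # Only backslash-char escapes; octal escapes are left as-is for brevity.
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")

def extract_urls(pdf_bytes: bytes) -> dict:
    """Split extracted URLs by channel: clickable /URI actions vs XMP xmlns
    declarations. The latter are schema identifiers, never navigation targets."""
    blob = _inflate_streams(pdf_bytes)
    return {
        "link_annotation": [_unescape(u) for u in _URI_RE.findall(blob)],
        "xmp_namespace": [u.decode("latin-1") for u in _XMLNS_RE.findall(blob)],
    }

def seo_link_farm_score(pdf_bytes: bytes) -> dict:
    """PDF_SEO_LINK_FARM-style rule over the link-annotation channel only."""
    parsed = [urlparse(u) for u in extract_urls(pdf_bytes)["link_annotation"]]
    external = [p for p in parsed if p.scheme in ("http", "https") and p.netloc]
    n = len(external)
    hosts = Counter(p.netloc.lower() for p in external)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    host_share = top_n / n if n else 0.0
    pdf_share = sum(p.path.lower().endswith(".pdf") for p in external) / n if n else 0.0
    hit = (len(pdf_bytes) <= MAX_SIZE_BYTES and n >= MIN_LINKS
           and host_share >= MIN_HOST_SHARE and pdf_share >= MIN_PDF_SHARE)
    return {"size_bytes": len(pdf_bytes), "external_links": n, "top_host": top_host,
            "host_share": round(host_share, 3), "pdf_share": round(pdf_share, 3),
            "verdict": "PDF_SEO_LINK_FARM" if hit else None}

def build_sample_pdf(n_links: int, host: str, compress_xmp: bool = True) -> bytes:
    """Constructed test input, not a real sample: one page with n_links /Link
    annotations to http://<host>/book-NNN.pdf plus an XMP metadata stream."""
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
           b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
           b'<rdf:Description xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>'
           b'</rdf:RDF></x:xmpmeta>')
    body = zlib.compress(xmp) if compress_xmp else xmp
    filt = b" /Filter /FlateDecode" if compress_xmp else b""
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(n_links))
    objs = [b"<< /Type /Catalog /Pages 2 0 R /Metadata 3 0 R >>",
            b"<< /Type /Pages /Kids [4 0 R] /Count 1 >>",
            b"<< /Type /Metadata /Subtype /XML" + filt + b" /Length %d >>\nstream\n" % len(body)
            + body + b"\nendstream",
            b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + annot_refs + b"] >>"]
    for i in range(n_links):
        url = b"http://%s/book-%03d.pdf" % (host.encode(), i)
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 %d 200 %d] "
                    b"/A << /S /URI /URI (%s) >> >>" % (i * 10, i * 10 + 8, url))
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, obj in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)

if __name__ == "__main__":
    sample = build_sample_pdf(40, "www.example.test")   # assumed host, constructed file
    print(extract_urls(sample)["xmp_namespace"])
    print(seo_link_farm_score(sample))
```

Running it on the constructed 40-link sample yields a PDF_SEO_LINK_FARM verdict with host_share and pdf_share of 1.0, while the RDF and Adobe namespace URIs surface only in the xmp_namespace channel and never count toward the verdict, which is the distinction the EMBEDDED_URL note above is drawing. The regex approach deliberately ignores hex-string /URI values, indirect /Length references and objects packed into object streams; each of those is a known evasion and a reason to prefer a real object-graph parser in production.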