Malicious PDF — malware analysis report

Static analysis result for SHA-256 2cade2f3686e8519…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-30 20:56:10 +03:00
Authoring application: Adobe InDesign CS3 (5.0.4) (via Adobe PDF Library 8.0)
MD5: 0d5ff78a8c4a2624c2520d1567d98809
SHA-1: 1d9fabaa80bcae7b9b0e693ddcf0b26e7bdeeef5
SHA-256: 2cade2f3686e8519840fb6a5e2be0556ca2c85226580a27a525a959a1c078a28
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates that the document is designed to host a mass of external PDF links, with the primary domain being www.gorillawalker.com. This suggests a tactic to manipulate search engine results or to distribute a large volume of content, potentially malicious, to unsuspecting users. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.