Malicious PDF — malware analysis report

Static analysis result for SHA-256 2fc097d3bb29cced…

MALICIOUS

PDF

File size: 44.1 KB
Created: 2018-12-02 20:13:07 +03:00
Authoring application: PDFpen
MD5: 9c1e1c8d7387f5adcf30cbce84376798
SHA-1: e57fe020afc3ae07896a08b584ef0e397fe2a1ff
SHA-256: 2fc097d3bb29cced602ac6e6f853c48dd4a5550e749d0af2478f786d820b5d4d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a significant number of embedded external links, specifically a 'link farm' pointing to various PDF documents on the 'gorillawalker.com' domain. This technique is often used for SEO manipulation or to host a large number of redirectors to malicious sites. No scripts were extracted, and the document body was heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.