Malicious PDF — malware analysis report

Static analysis result for SHA-256 3004f9babe07b590…

Verdict: MALICIOUS
File type: PDF
Size: 43.9 KB
Created: 2018-12-15 08:11:16 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 4.05 for Windows)
MD5: 75a07a43f8a697edb7ad2b74f27e4118
SHA-1: 26c71bb4cdd9d705700c01dc8ea9cc2a7658687c
SHA-256: 3004f9babe07b5902e2cd1955ffcc956db1f92bc613c0a394e05923459a6d90e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged this document with high confidence. The embedded URLs likely serve as a lure to redirect users to potentially malicious content hosted on the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.