Malicious PDF — malware analysis report

Static analysis result for SHA-256 303cee86fe5123ee…

Verdict: MALICIOUS
File type: PDF
Size: 41.0 KB
Created: 2018-11-30 20:23:50 +03:00
Authoring application: QuarkXPress(R) 9.54
MD5: f043c48ae1712f973fd6f89c9b7c9a90
SHA-1: 2b1fa1a6fee8a8abe245a22fd1e93aacd7c00baf
SHA-256: 303cee86fe5123ee1f174e843b2731f8157562261f719a230ee41f7a719deeda
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com, likely as a distribution or redirection mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.