Malicious PDF — malware analysis report

Static analysis result for SHA-256 33a4293c9df517cf…

MALICIOUS

PDF

39.4 KB
Created: 2018-11-23 21:06:45 +03:00
Authoring application: Adobe InDesign CS2 (4.0) (via Adobe PDF Library 7.0)
MD5: 0e5658c424d50199b1478555316fb81f
SHA-1: 63d7bfdfd2dee61bdd216f2c13fdfddec08f637e
SHA-256: 33a4293c9df517cf2a75a21e4d82d5f119b98d1ea87130f6e6c4d7e3ba5f1952
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.