Malicious PDF — malware analysis report

Static analysis result for SHA-256 35dbfb7991561d05…

MALICIOUS

PDF

Size: 45.1 KB
Created: 2018-12-03 17:09:21 +03:00
Authoring application: pdfFactory Pro www.pdffactory.com (via pdfFactory Pro 4.05 (Windows 7 Home Basic x86 Russian))
MD5: a60687bdea930ccb6bda7ac2da787d41
SHA-1: 900ea34915a298c56076c6d1081fb130034bb76b
SHA-256: 35dbfb7991561d059ff6482c9f06e88870c9cc87eea8bff79f8021b3469325cf
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain www.gorillawalker.com. This is indicative of a link farm or SEO manipulation tactic. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample, and the document body was heavily obfuscated, preventing a deeper analysis of its specific intent beyond link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.