Malicious PDF — malware analysis report

Static analysis result for SHA-256 38ab7ebb99ad36b6…

MALICIOUS

PDF

Size: 46.3 KB
Created: 2018-12-05 11:09:48 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: c9cdb626d4591f0dd7abdbde305c68bb
SHA-1: a248df4e218d8656563f8e389ecb259a28832c6c
SHA-256: 38ab7ebb99ad36b6a37763f06bfc2a59e1f2a276539d16ad4b52b13d2f3de9db
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links to other PDF files hosted on www.gorillawalker.com. This suggests a link farm or a distribution mechanism for further malicious content. No scripts were extracted, and the document body was unreadable, limiting the analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.