Malicious PDF — malware analysis report

Static analysis result for SHA-256 39a0748b315d40c6…

MALICIOUS

PDF

Size: 43.3 KB
Created: 2018-12-15 08:16:34 +03:00
Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
MD5: 88371c2270a7b0b13aeb4c21c6332237
SHA-1: 8275df304d9915bea9d2db6fee26a98802510d87
SHA-256: 39a0748b315d40c6d3baae1b2cafed1de5620fab67daa1805b81baba5a4f80b2
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a critical heuristic for containing a large link farm of external PDFs. The ML classifier also strongly indicated maliciousness. The document body contains numerous embedded URLs pointing to various PDF files on the domain www.gorillawalker.com, suggesting a social engineering tactic to direct users to potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.