Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a45b6710633177e…

MALICIOUS

PDF

Size: 46.0 KB
Created: 2019-03-17 10:17:28 +03:00
Authoring application: Adobe InDesign CC 2017 (Windows) (via Adobe PDF Library 15.0)
MD5: 211442e809ce7a472fb02db14bdfdfd7
SHA-1: a00ff6602f4eaac64c550c9039e5fe945452816e
SHA-256: 3a45b6710633177e1a0a619f890f179ac7d6ee3320ca4240bad4e8adf689bc9e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.