Malicious PDF — malware analysis report

Static analysis result for SHA-256 3d4f0f8a4cdab2e8…

MALICIOUS

PDF

47.1 KB
Created: 2018-12-15 20:07:22 +03:00
Authoring application: doPDF Ver 7.2 Build 376 (Windows XP Professional Edition (SP 3) - Version: 5.1.2600 (x86))
MD5: e556145af5a3d46f23e6e5fd8f54acb2
SHA-1: b1a50d3b86d0d2e29f6d93ca5bec21ef874b0cae
SHA-256: 3d4f0f8a4cdab2e8a63b7b546a0b1646db47b67d7952f8c881d3637000a650c6
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. This suggests a link farm or content stuffing attack, aiming to drive traffic to a large collection of documents hosted on the gorillawalker.com domain. No scripts were extracted from this sample, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.