Malicious PDF — malware analysis report

Static analysis result for SHA-256 420ae8f07bef0dfa…

MALICIOUS

PDF

Size: 38.9 KB
Created: 2018-11-30 20:34:22 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.4.5 (Windows))
MD5: 85054a79ccb26a3e595362bba12927d7
SHA-1: 60f97544eb3cd41ee1277d16371b32801448dc73
SHA-256: 420ae8f07bef0dfae6e8049aed17f785d4d7b596ecba16114aa662d742fbd276
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, from the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8702

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.