Malicious PDF — malware analysis report

Static analysis result for SHA-256 471061c807f26120…

MALICIOUS

PDF

47.8 KB Created: 2018-11-14 23:30:01 +03:00 Authoring application: Acrobat PDFMaker 7.0 for Excel (via Acrobat Distiller 7.0 (Windows))
MD5: 36386c7d66d93836d2fe8ecb3f00e9f1 SHA-1: ffa8b74473ab19eab9954897d75280c7751a1f52 SHA-256: 471061c807f261205f084a3f80768bd5560327cce879220595d7e58453b80b1b
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, suggesting a link farm or redirection strategy. The ML classifier also flagged this document as malicious. No scripts were extracted from this sample. The primary attack pattern involves directing users to a large collection of documents hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/appalachian-trail-guide-to-new-hampshire-vermont-with-maps-appalachian.pdf
    • http://www.gorillawalker.com/selected-papers-of-chen-ning-yang-ii-with-commentaries.pdf
    • http://www.gorillawalker.com/combat-irritable-bowel-syndrome-hypnosis-relieve-the-stress-of-ibs.pdf
    • http://www.gorillawalker.com/the-enchiridion-the-library-of-liberal-arts-8.pdf
    • http://www.gorillawalker.com/attic-operations.pdf
    • http://www.gorillawalker.com/coasts.pdf
    • http://www.gorillawalker.com/which-would-you-rather-be.pdf
    • http://www.gorillawalker.com/the-history-of-political-parties-in-the-province-of-new.pdf
    • http://www.gorillawalker.com/goethe-im-urtheile-seiner-zeitgenossen-zeitungskritiken-berichte-notizen-goethe-und.pdf
    • http://www.gorillawalker.com/inside-amarc-the-aerospace-maintenance-and-regeneration-center-tucson-arizona.pdf
    • http://www.gorillawalker.com/the-hot-cloth-an-odyssey-into-internet-dating-sex-and.pdf
    • http://www.gorillawalker.com/by-dianne-fallon-pioneer-on-a-mountain-bike-eight-days.pdf
    • http://www.gorillawalker.com/mckeesport-trolleys.pdf
    • http://www.gorillawalker.com/the-military-industrial-complex-and-american-society.pdf
    • http://www.gorillawalker.com/handbook-of-the-birds-of-the-world-vol-10-cuckoo.pdf
    • http://www.gorillawalker.com/newcastle-united-cult-heroes-the-toon-s-greatest-icons.pdf
    • http://www.gorillawalker.com/concrete-designers-manual-tables-and-diagrams-for-the-design-of.pdf
    • http://www.gorillawalker.com/narrative-of-a-two-years-residence-at-nineveh-and-travels.pdf
    • http://www.gorillawalker.com/rape-and-sexual-assault-a-renewed-call-to-action.pdf
    • http://www.gorillawalker.com/a-voice-in-the-wind-mark-of-the-lion-book.pdf
    • http://www.gorillawalker.com/olympic-mountains-trail-guide-national-park-national-forest.pdf
    • http://www.gorillawalker.com/vegan-breakfast-30-plant-based-diet-recipes-to-kickstart-your.pdf
    • http://www.gorillawalker.com/routenneuberechnung-hundert-orientierungsglossen-german-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/andrew-lloyd-webber-classics-mallet-percussion-mallet-percussion-play-along.pdf
    • http://www.gorillawalker.com/the-managed-heart-commercialization-of-human-feeling-twentieth-anniversary-edition.pdf
    • http://www.gorillawalker.com/voices-at-the-world-s-edge-irish-poets-on-skellig.pdf
    • http://www.gorillawalker.com/the-globalization-of-human-rights-united-nations-system-in-the.pdf
    • http://www.gorillawalker.com/grandson-kee-kodansha-bunko-of-berlin-olympic-games-marathon-and.pdf
    • http://www.gorillawalker.com/fantastic-inventions-and-inventors-true-stories-from-ancient-china.pdf
    • http://www.gorillawalker.com/machu-picchu-a-civil-engineering-marvel.pdf
    • http://www.gorillawalker.com/chronic-myelocytic-leukemia-an-entry-from-thomson-gale-s-gale.pdf
    • http://www.gorillawalker.com/curious-george-at-the-fire-station.pdf
    • http://www.gorillawalker.com/the-age-of-oversupply-overcoming-the-greatest-challenge-to-the.pdf
    • http://www.gorillawalker.com/chainbreaker-bike-book-a-rough-guide-to-bicycle-maintenance-diy.pdf
    • http://www.gorillawalker.com/sudden-prey-a-lucas-davenport-novel-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/introduction-to-p-adic-numbers-and-their-functions-cambridge-tracts.pdf
    • http://www.gorillawalker.com/historical-dictionary-of-the-vikings-historical-dictionaries-of-ancient-civilizations.pdf
    • http://www.gorillawalker.com/latest-top-class-super-tasty-salads-top-30-delicious-popular.pdf
    • http://www.gorillawalker.com/wheat-that-springeth-green-new-york-review-books-classics.pdf
    • http://www.gorillawalker.com/implementing-cisco-ip-routing-route-foundation-learning-guide-ccnp-route.pdf
    • http://www.gorillawalker.com/goethe-im-urtheile-seiner-zeitgenossen-zei
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.