Malicious PDF — malware analysis report

Static analysis result for SHA-256 47a48b94419f8c11…

MALICIOUS

PDF

Size: 41.1 KB
Created: 2019-04-30 15:58:19 +03:00
Authoring application: - (via Haru Free PDF Library 2.1.0)
MD5: b73f40fb6e52d5b316a52b99216701e1
SHA-1: f6755cbadedb1ec0f5a52e87510cd45486144598
SHA-256: 47a48b94419f8c11df9b2de7f4451e1fe60f766d1b9714494eb8a8c67cae77a4
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to direct users to numerous other documents hosted on 'gorillawalker.com'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.