Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ab1b3696c61c569…

Verdict: MALICIOUS
File type: PDF
Size: 45.4 KB
Created: 2018-11-15 19:35:36 +03:00
Authoring application: Adobe Acrobat 6.02 (via Adobe Acrobat 6.0)
MD5: 37cd72185f0accc77d8a0925dbc0df1b
SHA-1: 5bef44c0376a7a02820df7ba3fab9a24c0966f99
SHA-256: 4ab1b3696c61c569eb35967057cdeed9ade7d4fd122029bfef552d5a9ba274ff
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as flagged by the PDF_SEO_LINK_FARM heuristic, and the ML classifier also rated it malicious. No scripts were extracted, but the sheer volume of links clustered on a single host suggests malicious intent, most likely SEO manipulation or routing readers into further malware delivery. The primary IOCs are the URLs hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/the-riverkeeper-s-guide-to-the-chattahoochee.pdf
    • http://www.gorillawalker.com/the-storm-murders-a-thriller.pdf
    • http://www.gorillawalker.com/special-integral-functions-used-in-wireless-communications-theory.pdf
    • http://www.gorillawalker.com/pressure-ulcer-research-etiology-assessment-and-early-intervention-national-pressure.pdf
    • http://www.gorillawalker.com/that-mitchell-webb-sound-radio-series-four-bbc-radio-program.pdf
    • http://www.gorillawalker.com/super-juice-cleanse-3-day-juice-cleanse-for-weight-loss.pdf
    • http://www.gorillawalker.com/getting-started-with-the-internet-of-things-connecting-sensors-and.pdf
    • http://www.gorillawalker.com/mosby-s-guide-to-nursing-diagnosis-1e.pdf
    • http://www.gorillawalker.com/a-family-for-christmas.pdf
    • http://www.gorillawalker.com/costa-rica-a-global-studies-handbook-global-studies-latin-america.pdf
    • http://www.gorillawalker.com/beneath-a-highland-moon-the-highland-moon-series-book-1.pdf
    • http://www.gorillawalker.com/cambridge-primary-science-stage-1-activity-book-cambridge-international-examinations.pdf
    • http://www.gorillawalker.com/co2-storage-in-carboniferous-formations-and-abandoned-coal-mines.pdf
    • http://www.gorillawalker.com/the-literature-of-japanese-education-1945-1954.pdf
    • http://www.gorillawalker.com/los-mejores-chistes-de-curas-y-monjas-r-ete-con.pdf
    • http://www.gorillawalker.com/avodath-hakodesh-sacred-service-vocal-score.pdf
    • http://www.gorillawalker.com/taking-aim-at-the-arms-trade.pdf
    • http://www.gorillawalker.com/six-stages-of-forgiving-others-a-spirit-led-adventure.pdf
    • http://www.gorillawalker.com/grab-bag-6-a-gay-erotica-anthology-volume-6.pdf
    • http://www.gorillawalker.com/costa-rica-a-visit-to.pdf
    • http://www.gorillawalker.com/mathematics-without-numbers-towards-a-modal-structural-interpretation-clarendon-paperbacks.pdf
    • http://www.gorillawalker.com/special-effects-new-histories-theories-contexts.pdf
    • http://www.gorillawalker.com/out-of-the-middle-east-the-emergence-of-an-arab.pdf
    • http://www.gorillawalker.com/sophocles-philoctetes-and-the-great-soul-robbery-wisconsin-studies-in.pdf
    • http://www.gorillawalker.com/design-for-production-manual-volume-3-the-application-of-production.pdf
    • http://www.gorillawalker.com/tappan-s-handbook-of-healing-massage-techniques-classic-holistic-and.pdf
    • http://www.gorillawalker.com/the-essential-chronology-star-wars.pdf
    • http://www.gorillawalker.com/rethinking-alzheimer-s-care.pdf
    • http://www.gorillawalker.com/materials-management-systems-a-modular-library.pdf
    • http://www.gorillawalker.com/nursing-informatics-91-proceedings-of-the-post-conference-on-health.pdf
    • http://www.gorillawalker.com/darkroom-handbook.pdf
    • http://www.gorillawalker.com/the-expedition-to-the-philippines.pdf
    • http://www.gorillawalker.com/betting-strategy-betting-systems-learn-how-to-maximize-your-wins.pdf
    • http://www.gorillawalker.com/the-dawning-place-the-building-of-a-temple.pdf
    • http://www.gorillawalker.com/state-regulation-and-the-politics-of-public-service-the-case.pdf
    • http://www.gorillawalker.com/yes-ma-am-no-sir-the-12-essential-steps-for.pdf
    • http://www.gorillawalker.com/petri-lescaloperii-humanitas-theologica-in-qua-m-t-cicero-de.pdf
    • http://www.gorillawalker.com/perinatal-medicine-v-1-clinical-and-biochemical-aspects.pdf
    • http://www.gorillawalker.com/statistical-analysis-of-behavioural-data-an-approach-based-on-time.pdf
    • http://www.gorillawalker.com/by-adam-fisch-md-neuroanatomy-draw-it-to-know-it.pdf
    • http://www.gorillawalker.com/getting-started-with-t
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/