Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bc43164975b7544…

MALICIOUS

PDF

44.3 KB Created: 2019-03-18 10:06:08 +03:00 Authoring application: Acrobat Distiller 5.0 (Windows) (via Adobe PDF Library 9.9)
MD5: 3c30cd11913aed91e70155c98e079b29 SHA-1: 2ad4b662c0cd8b780a059dc5dcda7aed0ba18e8f SHA-256: 4bc43164975b754436b9ad37a51ff75b94abd969e9a2adf978760499e463e74d
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO manipulation or to serve as a distribution point for further malware. The primary IOCs are the numerous URLs hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gorillawalker.com/athens-ga-city-wall-maps.pdf
    • http://www.gorillawalker.com/teach-yourself-polish-conversation-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/backcountry-skiing-snowboarding-lake-tahoe-by-brandyn-roth-2011-paperback.pdf
    • http://www.gorillawalker.com/calendar-mysteries-4-april-adventure-a-stepping-stone-book-tm.pdf
    • http://www.gorillawalker.com/love-your-life-living-happy-healthy-whole-2010-day-to.pdf
    • http://www.gorillawalker.com/using-quickbooks-accountant-2014-with-cd-rom.pdf
    • http://www.gorillawalker.com/canada-suil-mun-cuairt-scots-gaelic-edition.pdf
    • http://www.gorillawalker.com/dark-paradise-a-history-of-opiate-addiction-in-america.pdf
    • http://www.gorillawalker.com/learn-from-the-legends-chess-champions-at-their-best.pdf
    • http://www.gorillawalker.com/2016-metropolitan-maps-wall-calendar.pdf
    • http://www.gorillawalker.com/the-encyclopedia-of-psychoactive-plants-ethnopharmacology-and-its-applications-kindle.pdf
    • http://www.gorillawalker.com/coatings-tribology-volume-56-second-edition-properties-mechanisms-techniques-and.pdf
    • http://www.gorillawalker.com/theories-of-informetrics-and-scholarly-communication.pdf
    • http://www.gorillawalker.com/sign-here-how-to-understand-any-contract-before-you-sign.pdf
    • http://www.gorillawalker.com/ice-cream-manufacturing-in-australia-industry-risk-rating-report-download.pdf
    • http://www.gorillawalker.com/kids-book-about-tadpoles-to-frogs-real-facts-and-pictures.pdf
    • http://www.gorillawalker.com/no-more-heroes-steroids-cocaine-finance-and-film-in-the.pdf
    • http://www.gorillawalker.com/by-kaplan-inside-the-toeic-exam-second-edition-mass-market.pdf
    • http://www.gorillawalker.com/a-short-introduction-to-the-hebrew-bible.pdf
    • http://www.gorillawalker.com/fodor-s-italian-for-travelers-phrase-book-3rd-edition-fodor.pdf
    • http://www.gorillawalker.com/the-love-chapter-understanding-agape-love-from-1-corinthians-13.pdf
    • http://www.gorillawalker.com/jesus-loves-the-little-children-of-the-world.pdf
    • http://www.gorillawalker.com/witches-westerners-and-hiv-aids-and-cultures-of-blame-in.pdf
    • http://www.gorillawalker.com/the-melancholy-of-mechagirl.pdf
    • http://www.gorillawalker.com/researching-the-nexus-between-statelessness-and-human-trafficking-the-example.pdf
    • http://www.gorillawalker.com/hypertension-a-high-yield-study-guide-for-nursing-assistant-students.pdf
    • http://www.gorillawalker.com/sir-john-beverley-robinson-bone-and-sinew-of-the-compact.pdf
    • http://www.gorillawalker.com/standard-catalog-of-ducati-motorcycles-1946-2005.pdf
    • http://www.gorillawalker.com/general-ultrasound-in-the-critically-ill.pdf
    • http://www.gorillawalker.com/blood-in-our-boots.pdf
    • http://www.gorillawalker.com/lesbian-art-in-america-a-contemporary-history.pdf
    • http://www.gorillawalker.com/sonography-exam-review-physics-abdomen-obstetrics-and-gynecology-pageburst-e.pdf
    • http://www.gorillawalker.com/south-west-france-the-wines-and-winemakers.pdf
    • http://www.gorillawalker.com/fifty-things-i-want-my-son-to-know.pdf
    • http://www.gorillawalker.com/gabriel-dumont.pdf
    • http://www.gorillawalker.com/the-social-fund-law-and-practice.pdf
    • http://www.gorillawalker.com/water-music-and-music-for-the-royal-fireworks-in-full.pdf
    • http://www.gorillawalker.com/osho-meditacion-6-lecciones-de-vida-osho-spanish-edition.pdf
    • http://www.gorillawalker.com/ancient-china-and-the-yue-perceptions-and-identities-on-the.pdf
    • http://www.gorillawalker.com/dobbs-and-bublick-s-cases-and-materials-on-advanced-torts.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/

Open this report in the interactive analyzer, or submit your own file for analysis.