Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f9bf8918ad9dec4…

MALICIOUS

PDF

Size: 40.8 KB
Created: 2018-11-23 08:08:05 +03:00
Authoring application: Acrobat PDFMaker 10.0 for Word (via Adobe PDF Library 10.0)
MD5: fe574ae9d5086fee545e80156548d1e9
SHA-1: e2b986df761aa093351c385ff242b7bf6ee73767
SHA-256: 4f9bf8918ad9dec4b77c117809118fadc9b47b50461ea62ed0b1c11527ee033e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links to external PDF documents, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.