Malicious PDF — malware analysis report

Static analysis result for SHA-256 505094b059386fb1…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-12-15 08:34:59 +03:00
Authoring application: Word (via Acrobat PDFMaker 15 for Word)
MD5: ff644bdde44abe98397071882078bcab
SHA-1: bde27c91c78cfeaef6f9f03f30a120aa9d58ed40
SHA-256: 505094b059386fb1ce4be5f58f1464737811071fb0eecef3a9da6da12650b8d7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded links to external PDF files hosted on 'gorillawalker.com'. This heuristic, combined with the ML classification, strongly suggests a link farm or redirection attack designed to lure users to malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.