Malicious PDF — malware analysis report

Static analysis result for SHA-256 51db7842cadb557e…

MALICIOUS

PDF

Size: 43.9 KB
Created: 2018-12-15 08:33:51 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: 0b472f9da1b7ce46f76ce10562993280
SHA-1: 1c781a0be9f58c85d1c72af156b3085bc5533459
SHA-256: 51db7842cadb557efe684cb472642776197489c4ebe6f7a0827fd08083c47ea3
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files hosted on the domain www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute numerous linked documents.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.