Malicious PDF — malware analysis report

Static analysis result for SHA-256 55319e5a9889f047…

MALICIOUS

PDF

Size: 32.6 KB
Created: 2019-11-10 05:23:17 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: 393981825260557fc382c210ef96c1e9
SHA-1: 35dae21251c163fbb41bb11c29df03d04999cad9
SHA-256: 55319e5a9889f0473419d579345ff11ccec040dacb6b629c98aa273186bab3bc
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links identified. The ML classifier also indicated a high probability of maliciousness. The embedded URLs, predominantly pointing to PDF files on gorillawalker.com, suggest a potential SEO poisoning or content distribution scheme. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.