Malicious PDF — malware analysis report

Static analysis result for SHA-256 55456a8d0e1db526…

Verdict: MALICIOUS
File type: PDF
Size: 42.8 KB
Created: 2019-03-16 08:45:26 +03:00
Authoring application: QuarkXPress™ 4.11: AdobePS 8.7.3 (301) (via Acrobat Distiller 5.0.5 for Macintosh)
MD5: f2478fe73f33a3342a6575b4507c56b0
SHA-1: 75c3d15ef92ca828cb303d809b4865fb7cac23dd
SHA-256: 55456a8d0e1db526579f2405e609c2df8912a8307908d6fc352aa69078d05128
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF contains a large number of clickable external links, flagged by the PDF_SEO_LINK_FARM heuristic; the ML_NYX_PDF_MALICIOUS heuristic (the Nyx PDF classifier, score 0.9027) also flagged the document as malicious. The link targets are further PDF files hosted on www.gorillawalker.com, which is consistent with a generated SEO link-farm carrier that routes users on to further downloads rather than with a normal citation pattern. No JavaScript or other scripts were extracted from this sample, so the risk lies in where its links lead, not in code that runs when the file is opened. The creation timestamp and authoring-application strings above are taken from the file's own Info and XMP metadata, which whoever produced the file controls, so they are not evidence of provenance.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL channel labels (macro, JS, link annotation, document body, ...) say which carrier reached each URL, but they are not included in this export. Extracted URLs:
    • http://www.gorillawalker.com/pocket-atlas-of-dental-radiology.pdf
    • http://www.gorillawalker.com/the-oxford-book-of-french-chansons.pdf
    • http://www.gorillawalker.com/saving-our-environment-from-washington-how-congress-grabs-power-shirks.pdf
    • http://www.gorillawalker.com/eight-modern-plays-norton-critical-editions.pdf
    • http://www.gorillawalker.com/pray-in-faith-member-book-growing-disciples.pdf
    • http://www.gorillawalker.com/piggy-monk-square.pdf
    • http://www.gorillawalker.com/the-greatest-bleeding-hearts-racket-in-the-world-irish-hospitals.pdf
    • http://www.gorillawalker.com/mma-strength-conditioning-guide-to-building-a-fighter-kindle-edition.pdf
    • http://www.gorillawalker.com/recollections-of-four-years-in-venezuela.pdf
    • http://www.gorillawalker.com/celebrate-the-season-vol-3-new-age-piano-stylings-of.pdf
    • http://www.gorillawalker.com/the-one-percenter-code-how-to-be-an-outlaw-in.pdf
    • http://www.gorillawalker.com/mixed-martial-arts-for-dummies.pdf
    • http://www.gorillawalker.com/caillou-what-s-that-funny-noise.pdf
    • http://www.gorillawalker.com/the-wit-wisdom-of-winston-churchill-a-treasury-of-more.pdf
    • http://www.gorillawalker.com/evolution-history-of-issues.pdf
    • http://www.gorillawalker.com/15-ways-to-fire-up-your-brainpower-kindle-edition.pdf
    • http://www.gorillawalker.com/corporate-softskills.pdf
    • http://www.gorillawalker.com/permanent-magnets-in-theory-and-practice.pdf
    • http://www.gorillawalker.com/introduccion-a-la-psiquiatria-introduction-to-psychiatry-spanish-edition.pdf
    • http://www.gorillawalker.com/wicked-fairy-tales-erotic-fantasy-anthology.pdf
    • http://www.gorillawalker.com/15-mega-tips-to-triple-your-profit-kindle-edition.pdf
    • http://www.gorillawalker.com/velvet-steel-a-practical-guide-for-christian-fathers-and-grandfathers.pdf
    • http://www.gorillawalker.com/journal-bearing-databook.pdf
    • http://www.gorillawalker.com/africana-the-encyclopedia-of-the-african-and-african-american-experience.pdf
    • http://www.gorillawalker.com/how-to-restore-and-modify-your-porsche-914-and-914.pdf
    • http://www.gorillawalker.com/travels-with-thai-food.pdf
    • http://www.gorillawalker.com/the-pheasant-cap-master-and-the-end-of-history-linking.pdf
    • http://www.gorillawalker.com/birth-of-an-adhd-child.pdf
    • http://www.gorillawalker.com/selecting-materials-for-library-collections.pdf
    • http://www.gorillawalker.com/north-cyprus-bradt-travel-guides-by-darke-diana-7th-seventh.pdf
    • http://www.gorillawalker.com/please-try-to-remember-the-first-of-octember-beginner-books.pdf
    • http://www.gorillawalker.com/curse-of-the-necronomicon-the-myth-hunter-book-3-kindle.pdf
    • http://www.gorillawalker.com/unmanned-air-systems-uav-design-development-and-deployment.pdf
    • http://www.gorillawalker.com/the-procurement-value-proposition-the-rise-of-supply-management.pdf
    • http://www.gorillawalker.com/storms-over-luxembourg-kindle-edition.pdf
    • http://www.gorillawalker.com/pope-visits-azerbaijan-and-bulgaria-news-in-brief-brief-article.pdf
    • http://www.gorillawalker.com/plurithematic-issue-scientific-and-technical-review-31-3.pdf
    • http://www.gorillawalker.com/potsdam-station-a-john-russell-wwii-thriller-a-john-russell.pdf
    • http://www.gorillawalker.com/small-animal-dermatology-self-assessment-picture-tests-in-veterinary-medicine.pdf
    • http://www.gorillawalker.com/rv-living-travel-the-rving-lifestyle-guide-to-full-time.pdf
    The remaining entries are XMP/RDF namespace URIs from the document's metadata stream (RDF, Dublin Core, XMP, PDF/A); they are schema identifiers, not clickable link targets, and should not be counted toward the link-farm verdict:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
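As an added illustration (not the scanner's own code), the following stdlib-only Python script re-implements the two ideas behind the heuristics above: attributing each extracted URL to the channel that carries it (a /URI link-annotation action, the XMP metadata packet, or loose bytes with no known carrier), and a PDF_SEO_LINK_FARM-style size/count/host-concentration check that counts only the clickable links. Everything in it is an assumption: the thresholds (100 KB, 20 links, 80 % on one host), the channel names, the sample file it builds (25 .pdf links on the made-up host farm.example plus two other hosts and two standard XMP namespaces), and the regex-based parsing, which deliberately ignores object streams, string encodings and indirect /A references that a real scanner has to handle.

```python
"""Toy re-implementation of two checks from the report: per-channel URL
extraction (link annotation vs. XMP metadata vs. loose text) and a
small-PDF link-farm heuristic. Pure stdlib; the sample PDF is constructed
below and is NOT the analysed file. Thresholds are assumptions."""
import re
from collections import Counter
from urllib.parse import urlparse

# /URI (...) inside a link annotation's action dictionary; handles \) escapes.
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# XMP packet boundaries (the metadata stream the namespace URIs live in).
XMP_BLOCK_RE = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.DOTALL)
# Catch-all for anything that looks like a URL anywhere in the raw bytes.
GENERIC_URL_RE = re.compile(rb"""https?://[^\s<>"'()\[\]]+""")


def build_sample_pdf(link_urls, xmp_namespaces):
    """Construct a minimal one-page PDF with one /Link annotation per URL and an
    XMP stream declaring the given namespaces. Constructed test input only;
    URLs containing unescaped parentheses are not supported here."""
    xmp = ("<x:xmpmeta xmlns:x='adobe:ns:meta/'><rdf:RDF "
           + " ".join(f"xmlns:ns{i}='{ns}'" for i, ns in enumerate(xmp_namespaces))
           + "></rdf:RDF></x:xmpmeta>").encode()
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once the annotation refs are known
        b"<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n%s\nendstream"
        % (len(xmp), xmp),
    ]
    refs = []
    for url in link_urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (%s) >> >>" % url.encode())
        refs.append(b"%d 0 R" % len(objs))
    objs[2] = (b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
               b"/Annots [%s] >>" % b" ".join(refs))
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_at))
    return bytes(out)


def extract_urls(pdf_bytes):
    """Return {url: channel}; channel is 'link_annotation', 'xmp_namespace' or
    'document_body' (the last meaning: found in raw bytes, no known carrier)."""
    found = {}
    for m in URI_ACTION_RE.finditer(pdf_bytes):
        found[m.group(1).decode("latin-1")] = "link_annotation"
    xmp_spans = [m.span() for m in XMP_BLOCK_RE.finditer(pdf_bytes)]
    for m in GENERIC_URL_RE.finditer(pdf_bytes):
        url = m.group(0).decode("latin-1")
        if url in found:
            continue  # already attributed to a clickable link action
        in_xmp = any(start <= m.start() < end for start, end in xmp_spans)
        found[url] = "xmp_namespace" if in_xmp else "document_body"
    return found


def link_farm_verdict(pdf_bytes, max_size=100_000, min_links=20, min_host_share=0.8):
    """PDF_SEO_LINK_FARM-style check. Only clickable link annotations count;
    namespace URIs and loose text never do. Thresholds are assumed values."""
    links = [u for u, ch in extract_urls(pdf_bytes).items() if ch == "link_annotation"]
    hosts = Counter(urlparse(u).hostname for u in links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(links) if links else 0.0
    return {
        "size": len(pdf_bytes),
        "links": len(links),
        "pdf_links": sum(urlparse(u).path.lower().endswith(".pdf") for u in links),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "PDF_SEO_LINK_FARM": len(pdf_bytes) <= max_size
        and len(links) >= min_links
        and share >= min_host_share,
    }


# Constructed sample: 25 .pdf links on one made-up host, two stragglers, and two
# real XMP namespaces (the same kind of entries that close the report's URL list).
FARM_URLS = [f"http://farm.example/book-{i:02d}.pdf" for i in range(25)]
OTHER_URLS = ["https://cdn.example.net/style.css", "http://mirror.example.org/page"]
XMP_NS = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://purl.org/dc/elements/1.1/"]
SAMPLE_PDF = build_sample_pdf(FARM_URLS + OTHER_URLS, XMP_NS)

if __name__ == "__main__":
    for url, channel in sorted(extract_urls(SAMPLE_PDF).items()):
        print(f"{channel:16} {url}")
    print(link_farm_verdict(SAMPLE_PDF))
```

Run as-is it lists every URL with its channel and prints the verdict for the constructed sample; point `link_farm_verdict` at real file bytes to try it on a suspect document. The important design choice is that the two namespace URIs come back as `xmp_namespace` and never enter the link count, which is exactly the distinction the report's EMBEDDED_URL entry is asking the reader to make.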