Malicious PDF — malware analysis report

Static analysis result for SHA-256 56ee2a3e0a07905c…

MALICIOUS

PDF

Size: 41.0 KB
Created: 2018-11-14 08:36:55 +03:00
Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: 7691dfebf6bad0e48a53e8e980a4a596
SHA-1: 04c485710fcc33f40cad9ff553e886fb53b2c1ca
SHA-256: 56ee2a3e0a07905ca6b5e775b5caad07160d3724c7efba9815c19cbde9f07c1b
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This triggered the PDF_SEO_LINK_FARM heuristic, suggesting the document's primary purpose is to link to a vast collection of other documents. The ML classifier also flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.