Malicious PDF — malware analysis report

Static analysis result for SHA-256 5708de1c05a3e903…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-11 20:44:34 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Adobe PDF Library 10.0.1)
MD5: 462ec4aa676947d3d7706851e9b79c62
SHA-1: 24bbee56cbe55390cb24da4ded759d34ca336df3
SHA-256: 5708de1c05a3e9032e81038e928f325476862055a48745e15f944f0eaf3a4505
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and contains a large number of external links, indicating a link farm. The primary heuristic identified a "PDF_SEO_LINK_FARM" with 32 external PDF links, suggesting the document's purpose is to drive traffic to these external resources. The embedded URLs are all hosted on the same domain, `gorillawalker.com`, and appear to be book titles, likely used to manipulate search engine results or to distribute further malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.