Malicious PDF — malware analysis report

Static analysis result for SHA-256 58581da229ae009a…

MALICIOUS

PDF

Size: 33.3 KB
Created: 2019-09-18 22:00:54 +03:00
Authoring application: C2 v4.2.0220 build 670 - c2_rendition_config : Techlit_Active (via Acrobat Distiller 10.0.0 (Windows); modified using iText 2.1.7 by 1T3XT)
MD5: 9423e6b3f766a96874574f1e0f2c471c
SHA-1: 0c7711f15567662b2abe0fa338e27b59c83d667e
SHA-256: 58581da229ae009a53883518fc41c4ef7cea862a96b711cdcad9b1de5515fa9a
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or direct users to potentially malicious content hosted on the linked domains.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics (2)

  • PDF_SEO_LINK_FARM (severity: critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (severity: info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.