Malicious PDF — malware analysis report

Static analysis result for SHA-256 589d1d31dd83b16a…

MALICIOUS

PDF

Size: 44.0 KB
Created: 2018-11-30 01:49:30 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 988a65ae15e73c9575df77dd431f90af
SHA-1: 0800e03bf83499796551a52dbf5652ea5fde68fd
SHA-256: 589d1d31dd83b16aa8c9d105d11c8ab7d953762a63c198278b1785d4d57bb282
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a critical heuristic for containing a mass external link farm, with 32 links pointing to external PDFs. The ML classifier also indicated a high probability of maliciousness. Although no scripts were extracted, the sheer volume of links suggests malicious intent, possibly SEO manipulation or luring users to potentially malicious content hosted on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.