Malicious PDF — malware analysis report

Static analysis result for SHA-256 58bc6448868ae61e…

MALICIOUS

PDF

43.4 KB
Created: 2018-11-14 08:17:07 +03:00
Authoring application: Adobe InDesign CS4_J (6.0.5) (via Acrobat Distiller 7.0 (Windows))
MD5: 0898596feebd91a913e44e3a9496794a
SHA-1: 4d25d43690f05b57667c92cea7ead07e84efddc3
SHA-256: 58bc6448868ae61ea30dc171b95438571a29daf26189c152acf902458ecce58e
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier, and a critical heuristic identified it as a link farm containing 32 external PDF links. The majority of these links point to PDFs hosted on www.gorillawalker.com. This suggests the document's primary purpose is to redirect users to a large number of external resources, likely for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.