Malicious PDF — malware analysis report

Static analysis result for SHA-256 5bc4059cf0cb6843…

MALICIOUS

PDF

Size: 44.4 KB
Created: 2018-11-23 08:05:55 +03:00
Authoring application: FrameMaker 5.5.6. (via Acrobat Distiller 4.05 for Sparc Solaris)
MD5: ce8a7439b74828a2e0cf8b4a12e705c9
SHA-1: c7e93a9e4b4f8d42164d0ed419a9646d8b38091c
SHA-256: 5bc4059cf0cb6843eab212d7edaecdb60ddfb092cef9d157a0678d0f807e0978
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ML classifier also flagged the document as malicious. The primary goal appears to be SEO manipulation or directing users to a large collection of documents hosted on 'gorillawalker.com'.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.