Malicious PDF — malware analysis report

Static analysis result for SHA-256 5bd3031f07f9fbbc…

MALICIOUS

PDF

42.5 KB
Created: 2019-03-19 15:26:09 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: be47981fb84624cd639d20b337591a6f
SHA-1: c90cac9ade0fca36bb7b3f3ae5f16c2d21a8286f
SHA-256: 5bd3031f07f9fbbc229bc18a8326645cacbc5160c35baa9f260aa6de2b07d24d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML_NYX_PDF_MALICIOUS classifier also flagged the document with high confidence. The document body, though heavily obfuscated, contains many URLs pointing to the domain gorillawalker.com, suggesting a link farm or content distribution strategy.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.