Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c888c88376a0175…

MALICIOUS

PDF

  • Size: 43.7 KB
  • Created: 2018-12-02 10:56:47 +03:00
  • Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: dc72afd5761115d4116c2d4931ffa787
  • SHA-1: b7f453abdc86bb1ab9697f5c1ef16a649b5191b1
  • SHA-256: 5c888c88376a017569467bd345defe821d0f5b6b2c0ba6aba4df5d1be3403f75
  • Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The PDF contains a large number of embedded URLs, identified by the PDF_SEO_LINK_FARM heuristic. These URLs point to various documents on the gorillawalker.com domain. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary purpose appears to be directing users to a large number of external resources, likely for SEO spam or to host further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9016

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.