Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e246fddd1d6afd6…

MALICIOUS

PDF

File size: 42.1 KB
Created: 2018-12-02 10:59:13 +03:00
Authoring application: Adobe PageMaker 6.5 (via Acrobat Distiller 3.0 for Windows)
MD5: b5f51efde3b29be171decd0ac6443e5c
SHA-1: e947f2449aaa485c6090c9d0e0748fc33ef1ffb4
SHA-256: 5e246fddd1d6afd69111747813c1f1c41270b217ea807cb691cc752544e6ff46
Risk score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'www.gorillawalker.com'. This is indicative of a link farm or SEO manipulation tactic, potentially used to distribute malicious content or improve search engine ranking for malicious sites. While no scripts were explicitly extracted, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests this behavior. The ML classifier also flagged the document as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8872)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.