Malicious PDF — malware analysis report

Static analysis result for SHA-256 649870aebee418a3…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2018-12-11 20:46:57 +03:00
Authoring application: dvipsk 5.58f Copyright 1986, 1994 Radical Eye Software (via Acrobat Distiller 3.0 for Macintosh)
MD5: 9dc4c91439573601411e138b29e442a0
SHA-1: d21dfedc359ef911ea5a780b4d1e021d57a7e484
SHA-256: 649870aebee418a3e20ceb14ad40c407f3f3088be1755d613742e48ed6c3b51d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the 'gorillawalker.com' domain. While no scripts were explicitly extracted, the ML_NYX_PDF_MALICIOUS heuristic indicates a high probability of malicious intent. The primary attack pattern appears to be the distribution of a large number of links, potentially for SEO manipulation or to serve as a landing page for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.