Malicious PDF — malware analysis report

Static analysis result for SHA-256 679ddeb0038eaeb9…

MALICIOUS

PDF

Size: 45.9 KB
Created: 2019-03-16 09:23:03 +03:00
Authoring application: PageMaker 6.5 (via Acrobat Distiller 3.01 for Windows)
MD5: 00feb82152990e3f76d17199ccbe6fa6
SHA-1: a085eed57f786022d8f25ac2a34d447cc410c15c
SHA-256: 679ddeb0038eaeb91371efea4e214f0d115565e8cf569e8160a7faddc64b0c28
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded URLs.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8643)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.