Malicious PDF — malware analysis report

Static analysis result for SHA-256 68a753e96cd7e5a1…

MALICIOUS

PDF

33.3 KB
Created: 2020-01-17 19:19:18 +03:00
Authoring application: FrameMaker 9.0 (via Acrobat Distiller 9.3.2 (Windows))
MD5: b17910c07c51e36841c7a6ed3c67f0b3
SHA-1: 0fa34ad59d517208c064d033495c56c594bfd957
SHA-256: 68a753e96cd7e5a1ee951fe62af320dbff832a76f5b83e2d98c1fe804cf570da
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the domain 'gorillawalker.com'. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The purpose appears to be SEO manipulation or potentially distributing further malicious content through these linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.