Malicious PDF — malware analysis report

Static analysis result for SHA-256 6c17fd07f3701c20…

MALICIOUS

PDF

Size: 43.4 KB
Created: 2019-03-18 01:32:03 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: be326a7bdf46d44bb48753c252dcfaed
SHA-1: 501533b5d8993c5d37c38a714e8e7115c61cb8f9
SHA-256: 6c17fd07f3701c202fb5068cc48659991c66d8eabf5b2a1ce379354e4d5bd16a
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded URLs pointing to external PDF files on the domain 'gorillawalker.com'. This is indicative of a link farm or a method to distribute additional content. The ML classifier also flagged this PDF as malicious, supporting the suspicious nature of the embedded links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9016

Heuristics (2)

  • [critical] Small PDF contains mass external PDF link farm (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.