Malicious PDF — malware analysis report

Static analysis result for SHA-256 6cc778d72a888fde…

MALICIOUS

PDF

Size: 42.5 KB
Created: 2018-11-23 21:03:30 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: 6b94e08954625f597c80e99382d3b268
SHA-1: 4b4720caba23309b7418d531d3e401be2fcf913c
SHA-256: 6cc778d72a888fde4a9f0a7e3f340aa8637805edcec9046b07e76229c5f453ea
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample was flagged by an ML classifier as malicious and contains a large number of embedded URLs pointing to PDF files on the domain 'gorillawalker.com'. This indicates a likely attempt to manipulate search engine results or distribute content through a link farm. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of specific user lures.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.