Malicious PDF — malware analysis report

Static analysis result for SHA-256 6f6651a5ac5856a3…

MALICIOUS

PDF

Size: 40.8 KB
Created: 2018-12-15 08:53:27 +03:00
Authoring application: Acrobat PDFMaker 7.0.7 for Word (via Acrobat Distiller 7.0.5 (Windows))
MD5: 9bd87b6de770070c556111eeae70ab13
SHA-1: b5d11c7c75d727f2544abbceb7d138a1054ac92c
SHA-256: 6f6651a5ac5856a302cbfaa79f8fa7ee362727b4d6f6cf07899e4cdb7ee6ef48
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various documents on the 'gorillawalker.com' domain. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or direct users to potentially malicious content hosted on these external URLs.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_001_off00000d6a.bin
SHA-256: eba6230f7250f0a8ac1e9ede486c247c06d4b1197704e0eccdff70936d56336b
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0xD6A
Size: 16644 bytes