Malicious PDF — malware analysis report

Static analysis result for SHA-256 6fa65434ba9cf949…

MALICIOUS

PDF

Size: 42.8 KB
Created: 2018-11-30 20:08:58 +03:00
Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in)
MD5: f7be6d791637c875dd9a624ba3c70b45
SHA-1: 65398448cd9746a8e7ed11ac200e96eb662cadc9
SHA-256: 6fa65434ba9cf9493ed1c6a0349a733152428c46a60b122e4c3915ae506f1d99
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. These links point to various book titles on the 'gorillawalker.com' domain. The primary purpose appears to be SEO manipulation or directing users to a large collection of potentially malicious or unwanted content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.