Malicious PDF — malware analysis report

Static analysis result for SHA-256 70e83cf0b0410065…

MALICIOUS

PDF

Size: 43.1 KB
Created: 2019-02-14 08:11:32 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: 4b800a94480477ce1d7b1354b30456fc
SHA-1: bd321b5dc7a95b70ddcaeaa2f4957f304d4fb3ac
SHA-256: 70e83cf0b0410065b1464573111903c08e31936a1ccc0285c9d5d9b5bf91e3ac
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or redirect users to potentially malicious content hosted on the 'gorillawalker.com' domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.