Malicious PDF — malware analysis report

Static analysis result for SHA-256 74d626972ee33fe7…

MALICIOUS

PDF

Size: 42.9 KB
Created: 2018-12-15 08:53:34 +03:00
Authoring application: AutoCAD 2010 2010 (18.0s (LMS Tech)) (via pdfplot10.hdi 10.0.55.0)
MD5: 21dbd55774309d9d4dd05f559d2c925c
SHA-1: e8ced37d5b2c7b648cac4a78e00338bb5a50a614
SHA-256: 74d626972ee33fe74377f768bc6453e25ed9e837c71f204350cfa903b34e03e2
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the 'gorillawalker.com' domain. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to direct users to a large number of external resources, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.