Malicious PDF — malware analysis report

Static analysis result for SHA-256 7725d5a246eff57c…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2018-11-14 11:19:56 +03:00
Authoring application: AH XSL Formatter V6.1 MR6 for Windows (x64) : 6.1.11.18624 (via Antenna House PDF Output Library 6.1.610 (Windows (x64)))
MD5: fc9ff327194301ef26714eb0d3ca55f6
SHA-1: ee9bca00d7961306c0a4e78ccc337ff8a140d355
SHA-256: 7725d5a246eff57c368064299b83901d9daa740c0c49f1c67cb9a5855d05c15d
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary purpose appears to be SEO manipulation or distributing a large volume of content from the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.