Malicious PDF — malware analysis report

Static analysis result for SHA-256 78375711648620f4…

MALICIOUS

PDF

Size: 45.7 KB
Created: 2018-11-30 20:56:51 +03:00
Authoring application: FrameMaker 10.0.2 (via Acrobat Distiller 10.1.15 (Windows))
MD5: eff26726f574284f8d0b3ff08864e1aa
SHA-1: 0f0f2aa1405375834876f67954c4685c3dd31aa9
SHA-256: 78375711648620f4e23604e9793be2f63e483edc1111d60d81282d6d828bc2c8
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document. The purpose appears to be SEO manipulation or to distribute links to potentially malicious content, rather than a direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8634

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.