Malicious PDF — malware analysis report

Static analysis result for SHA-256 7a6086d9468fd78d…

MALICIOUS

PDF

Size: 45.4 KB
Created: 2019-02-13 20:36:53 +03:00
Authoring application: - (via Acrobat Distiller 4.0 for Windows)
MD5: c9ad76bdfc7bb219259fd46dc4627757
SHA-1: a55404acb875f96cfa79e925ae1e5670b6c31800
SHA-256: 7a6086d9468fd78d3d2ad61c736d2587c99cf76069db0593489e548f9f22b6df
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. The document body, though heavily obfuscated, contains numerous URLs pointing to external PDF files hosted on 'gorillawalker.com'. This suggests a link farm or distribution mechanism rather than a typical document lure. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8812

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.