Malicious PDF — malware analysis report

Static analysis result for SHA-256 7b231c6973c92355…

MALICIOUS

PDF

Size: 41.6 KB
Created: 2018-12-07 18:27:19 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: cbb69fb0d2d024cf5fb08d5d555ef0b3
SHA-1: 6b60ee75cafabbb806ac33549b55162746df8923
SHA-256: 7b231c6973c92355efcd7fbbedbcd9f19ff3659d185b6a4fcce3269b90674dd1
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external PDF links. The document body is heavily obfuscated, preventing analysis of its direct content. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content, as indicated by the numerous URLs pointing to PDF files on gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.