Malicious PDF — malware analysis report

Static analysis result for SHA-256 7bfafeefd66b654a…

MALICIOUS

PDF

Size: 42.0 KB
Created: 2018-11-14 08:30:00 +03:00
Authoring application: Adobe InDesign CC 2014 (Macintosh) (via Adobe PDF Library 11.0)
MD5: e63434ee163055db9b48a584783ff44c
SHA-1: 19a7cf72d9846f75eb6cdd947e6d7b1c95c41033
SHA-256: 7bfafeefd66b654a8bb1f1035253c2f1dc0e6dee44632cda74225e44fbf56897
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged for containing a large number of external links, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also indicated a high probability of maliciousness. Although no scripts were extracted, the sheer volume of embedded URLs suggests malicious intent to redirect users to potentially harmful content hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.