Malicious PDF — malware analysis report

Static analysis result for SHA-256 7bfd8651278b173a…

MALICIOUS

PDF

Size: 47.0 KB
Created: 2019-04-05 19:45:11 +03:00
Authoring application: dvips 5.83 (MiKTeX 1.20b) Copyright 1998 Radical Eye Software (via Acrobat Distiller 4.0 for Windows)
MD5: c8748e7d3a9ffeb8bac467d7aecc6671
SHA-1: 0565a0310c43e2a40f48d9e4e10f456533d0a968
SHA-256: 7bfd8651278b173a75f9d0903e7cd57b7cd4eed8208c615ac8a759db3a0d1a24
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body appears to be heavily obfuscated or corrupted, preventing a clear understanding of its specific lure. The primary attack pattern observed is the creation of a link farm designed to direct users to potentially malicious content hosted on the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8527

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/making-your-own-mead-43-recipes-for-homemade-honey-wines.pdf
    • http://www.gorillawalker.com/field-manual-fm-3-50-army-personnel-recovery-september-2014.pdf
    • http://www.gorillawalker.com/robben-ford-and-the-blue-line-handful-of-blues-guitar.pdf
    • http://www.gorillawalker.com/applied-minds-how-engineers-think.pdf
    • http://www.gorillawalker.com/plant-your-own-garden.pdf
    • http://www.gorillawalker.com/history-of-cornelis-maessen-van-buren-who-came-from-holland.pdf
    • http://www.gorillawalker.com/start-the-game-galactogon-book-1.pdf
    • http://www.gorillawalker.com/a-harry-stack-sullivan-case-seminar.pdf
    • http://www.gorillawalker.com/solomon-d-butcher-photographing-the-american-dream.pdf
    • http://www.gorillawalker.com/the-best-of-the-world-s-classics-restricted-to-prose.pdf
    • http://www.gorillawalker.com/great-source-aim-florida-fcat-math-student-edition-grade-8.pdf
    • http://www.gorillawalker.com/the-big-wide-mouthed-toad-frog-and-other-stories.pdf
    • http://www.gorillawalker.com/christmas-with-southern-living-1995.pdf
    • http://www.gorillawalker.com/discovery-snakeopedia-the-complete-guide-to-everything-snakes-plus-lizards.pdf
    • http://www.gorillawalker.com/byrne-s-advanced-technique-in-pool-and-billiards.pdf
    • http://www.gorillawalker.com/the-world-turned-upside-down-the-complex-partnership-between-china.pdf
    • http://www.gorillawalker.com/deliverance-for-amelia.pdf
    • http://www.gorillawalker.com/an-embodied-geography-of-disablement-chronically-ill-women-s-struggles.pdf
    • http://www.gorillawalker.com/il-turco-in-italia-vocal-sc-based-on-crit-edition.pdf
    • http://www.gorillawalker.com/travels-in-syria-and-egypt-during-the-y.pdf
    • http://www.gorillawalker.com/the-other-side-the-decadent-series-book-2-kindle-edition.pdf
    • http://www.gorillawalker.com/the-spelling-teacher-s-lesson-a-day-180-reproducible-activities.pdf
    • http://www.gorillawalker.com/michael-graves-designs-the-art-of-the-everyday-object.pdf
    • http://www.gorillawalker.com/tai-chi-for-seniors-step-by-step-step-by-step.pdf
    • http://www.gorillawalker.com/the-truth-about-genetically-modified-foods-an-interview-with-greg.pdf
    • http://www.gorillawalker.com/numerical-differential-protection-principles-and-applications.pdf
    • http://www.gorillawalker.com/josef-dietzgens-s-mtliche-schriften-band-ii-das-akquisit-der.pdf
    • http://www.gorillawalker.com/writing-windows-vxds-and-device-drivers-book-and-disk.pdf
    • http://www.gorillawalker.com/ispeek-for-elderly-care-1-800-picture-communication-symbols.pdf
    • http://www.gorillawalker.com/sotheby-s-new-york-dance-theater-opera-music-hall-costume.pdf
    • http://www.gorillawalker.com/baby-apes-it-s-fun-to-learn-about-baby-animals.pdf
    • http://www.gorillawalker.com/sudoku-pro-2007-calendar.pdf
    • http://www.gorillawalker.com/hobbs-brockunier-and-co-glass-identification-and-value-guide.pdf
    • http://www.gorillawalker.com/the-irresistible-church-12-traits-of-a-church-heaven-applauds.pdf
    • http://www.gorillawalker.com/new-light-on-immortality.pdf
    • http://www.gorillawalker.com/50-haiku-issue-3.pdf
    • http://www.gorillawalker.com/the-happy-lawyer-making-a-good-life-in-the-law.pdf
    • http://www.gorillawalker.com/hot-copy-classic-gay-erotica-from-the-magazine-era.pdf
    • http://www.gorillawalker.com/poesie-u-foscolo-rli-classici-italian-edition-kindle-edition.pdf
    • http://www.gorillawalker.com/across-the-battlefield-conflict-anthology-book-1-kindle-edition.pdf
    • http://www.gorillawalker.com/start-the-game-galactogon-b
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/