Malicious PDF — malware analysis report

Static analysis result for SHA-256 7e025fbf8349f420…

MALICIOUS

PDF

Size: 44.3 KB
Created: 2019-04-02 22:43:36 +03:00
Authoring application: QuarkXPress(R) 8.0
MD5: a7aab918d4af38ee37c41f77022c42c9
SHA-1: 38e1a6a6ce2c3753f193a3d48a9ea29a0ab0a5e1
SHA-256: 7e025fbf8349f420ded676af69a4e1866ce5ad2d97790d6e7ea70dceaf7ca441
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDFs on the domain www.gorillawalker.com. This behavior is indicative of a link farm, often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious with a high score. No scripts were extracted and the document body was unreadable, but the heuristics that fired strongly suggest malicious intent related to link distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8642

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.