Malicious PDF — malware analysis report

Static analysis result for SHA-256 7ed41e25574f3894…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-12-28 08:55:01 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: 8f70ec02d29a9753a8176bdb161a0fea
SHA-1: c6f128baf4cff4363006556e2186325b756989ef
SHA-256: 7ed41e25574f3894cee3e8af7ab55d8b14b7caa4de2d3754c1b2b342b2b8e264
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged for containing a large number of external links, constituting a link farm. The embedded URLs point to various PDF documents on the domain www.gorillawalker.com. This suggests a tactic to drive traffic to a large collection of content, potentially for SEO manipulation or to host malicious payloads disguised as legitimate documents. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.