Malicious PDF — malware analysis report

Static analysis result for SHA-256 821cca349cc066d0…

Verdict: MALICIOUS
File type: PDF
Size: 44.8 KB
Created: 2018-12-15 20:09:28 +03:00
Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: bbafb9fa1355773e6144eb396c25ba4b
SHA-1: 465d16b19dff72eb8cb8e0219446b518f76cec50
SHA-256: 821cca349cc066d081e302f9dcf32e1c0a18c32ca4d08d2a78d5c560aa9a16e7
Risk score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified as a 'link farm' by heuristics. The presence of a 'SE_DOWNLOAD_BUTTON' heuristic suggests these links are presented as download calls-to-action to trick users into visiting them. While no scripts were explicitly extracted, the PDF structure and link farm indicate a likely attempt to direct users to malicious or unwanted content hosted on the `gorillawalker.com` domain.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8173

Heuristics (3)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.