Malicious PDF — malware analysis report

Static analysis result for SHA-256 86f856457bc8161d…

MALICIOUS

PDF

File size: 46.0 KB
Created: 2018-12-15 20:10:34 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Acrobat Distiller 11.0 (Windows))
MD5: b3b68c6bc5a631372a3fd5aa001bf2ab
SHA-1: cf5421c7e97b23fe5a747223eda16b7fe08a2489
SHA-256: 86f856457bc8161de04b11a77fafbf0b10124aec471ece9ee4642ae27968d465
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to drive traffic to the `gorillawalker.com` domain, potentially as a distribution point for further malicious content or to inflate search engine rankings.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8634

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.