Malicious PDF — malware analysis report

Static analysis result for SHA-256 883deb1dce47017a…

MALICIOUS

PDF

Size: 48.2 KB
Created: 2018-12-14 20:03:36 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: 73f127a350ca2806767a78a144c0b02e
SHA-1: 52251cf664f102cb524e8ca0bb27f72d8835da3e
SHA-256: 883deb1dce47017a6925bf661323820622f66ba99430026c2a97b339ccdccddb
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents hosted on gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute further malicious content, rather than a direct user-facing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8013

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.