Malicious PDF — malware analysis report

Static analysis result for SHA-256 8bd697706421d699…

MALICIOUS

PDF

Size: 42.4 KB
Created: 2019-03-17 11:02:49 +03:00
Authoring application: iBooks Author (via Mac OS X 10.9.3 Quartz PDFContext)
MD5: 57d746bea0a0d148d8e937bd67b64259
SHA-1: 7c2ade72421af50d812214a76b4224f5454ce1df
SHA-256: 8bd697706421d69926ebba439935380728d9b1345428a9907ad2778ec1f052dc
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This heuristic, combined with the ML classifier's high confidence, suggests a link-farming or redirection tactic. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics (2)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.