Malicious PDF — malware analysis report

Static analysis result for SHA-256 8c7b9d34b4d06d7e…

MALICIOUS

PDF

Size: 45.6 KB
Created: 2018-12-02 10:59:47 +03:00
Authoring application: Acrobat PDFMaker 11 for Word (via Adobe PDF Library 11.0)
MD5: 06f6ad4192d21124b2e5787043437d79
SHA-1: 6d473163a726ce8e8208a6734deb5911e47b308e
SHA-256: 8c7b9d34b4d06d7e4eb5c8b70f539c04ba2402b86c8018932f3d09f7e20296c7
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO poisoning or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7914

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.