Malicious PDF — malware analysis report

Static analysis result for SHA-256 8da2d4600d6263a9…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-14 20:02:48 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 3f053aa7df9c59fc8c5e04d52ce88c75
SHA-1: 90147c4ad2f44226b1ff0eb7785b7ecfb7a03613
SHA-256: 8da2d4600d6263a9b5fdf82b4bdd7d09037eb51ecb48dabc0add5bd32b0fca2a
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9007

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.