Malicious PDF — malware analysis report

Static analysis result for SHA-256 8dba0519520159b0…

MALICIOUS

PDF

  • Size: 43.2 KB
  • Created: 2018-12-15 08:53:04 +03:00
  • Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: 600f278bd5da5c9fa608a8d4ed68099f
  • SHA-1: 6f563c7662e930513464e4fa58927dd3b652cc3c
  • SHA-256: 8dba0519520159b0bb8d59d8f0cc23bc8e3e2d8ec6341a723194d9df2ac008fb
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious. Static analysis revealed a large number of embedded URLs pointing to external PDF files hosted on the domain 'www.gorillawalker.com'. This suggests a link farm or SEO manipulation tactic, potentially used to distribute malware or phish for information. No scripts were extracted, and the document body was unreadable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.