Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e83b1b6802da136…

MALICIOUS

PDF

Size: 44.7 KB
Created: 2018-11-26 20:12:25 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: 134fa49851db3d8f11b443c0b273eb10
SHA-1: a3f4d1018b42e23bea8b2bc418ece0f40fb3601c
SHA-256: 8e83b1b6802da136ca89ce16518866833e78987a4b9cded1f873a10f10e1a7bb
90 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier and contains a large number of external links, indicative of a link farm or SEO poisoning attack. The primary heuristic identified 32 external PDF links, with the first being http://www.gorillawalker.com/chilton-s-repair-and-tune-up-guide-blazer-jimmy-1969.pdf. This suggests the document's purpose is to redirect users to potentially malicious or unwanted content hosted on the gorillawalker.com domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.