Malicious PDF — malware analysis report

Static analysis result for SHA-256 95758fb773859d3e…

MALICIOUS

PDF

Size: 43.6 KB
Created: 2018-11-30 20:10:44 +03:00
Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
MD5: 236c793a30237be6b6cf5b4ad34691f0
SHA-1: 786c02a50f765def189cdba94774fc413dac6bac
SHA-256: 95758fb773859d3e58ef2376f7e02a90f46a9a1df940108e5c7329d0ab3eea54
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files on the domain 'gorillawalker.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable, limiting the analysis to the embedded URLs and heuristics.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/ghosts-of-atlanta-the-haunted-locations-of-atlanta-georgia-kindle.pdf
    • http://www.gorillawalker.com/trying-to-save-piggy-sneed.pdf
    • http://www.gorillawalker.com/caught-by-my-coach-in-the-locker-room-a-rough.pdf
    • http://www.gorillawalker.com/frog-and-toad-storybook-treasury-i-can-read-book-2.pdf
    • http://www.gorillawalker.com/the-first-wife.pdf
    • http://www.gorillawalker.com/the-algae.pdf
    • http://www.gorillawalker.com/a-chocolate-christmas-christmas-at-home.pdf
    • http://www.gorillawalker.com/services-marketing-3rd-edition.pdf
    • http://www.gorillawalker.com/modern-refrigeration-and-air-conditioning-by-althouse-andrew-d-published.pdf
    • http://www.gorillawalker.com/los-suegros-la-gu-a-chapman-para-los-suegros-los.pdf
    • http://www.gorillawalker.com/astronomy-journey-to-the-cosmic-frontier-volume-1-solar-system.pdf
    • http://www.gorillawalker.com/intravenous-immunoglobulin.pdf
    • http://www.gorillawalker.com/roots-and-routes-of-democracy-and-extremism.pdf
    • http://www.gorillawalker.com/model-categories-and-their-localizations-mathematical-surveys-and-monographs-no.pdf
    • http://www.gorillawalker.com/vector-mechanics-for-engineers-statics-7th-edition.pdf
    • http://www.gorillawalker.com/isabelle-graw-high-price-art-between-the-market-and-celebrity.pdf
    • http://www.gorillawalker.com/a-girl-s-guide-to-vampires-dark-ones-series.pdf
    • http://www.gorillawalker.com/design-and-optimization-of-thermal-systems-second-edition-mechanical-engineering.pdf
    • http://www.gorillawalker.com/the-old-bunch.pdf
    • http://www.gorillawalker.com/leisure-for-leisure.pdf
    • http://www.gorillawalker.com/technical-drawing-workbook-to-accompany-goetsch-technical-drawing.pdf
    • http://www.gorillawalker.com/jasmine-and-maddie.pdf
    • http://www.gorillawalker.com/the-gadamer-reader-a-bouquet-of-the-later-writings-topics.pdf
    • http://www.gorillawalker.com/holt-mcdougal-biology-virginia-interactive-reader.pdf
    • http://www.gorillawalker.com/manual-del-retrato-fotografico-capture-the-portrait-como-conseguir-las.pdf
    • http://www.gorillawalker.com/winning-the-inside-game-the-handbook-of-advocacy-strategies.pdf
    • http://www.gorillawalker.com/keep-on-pushing-black-power-music-from-blues-to-hip.pdf
    • http://www.gorillawalker.com/nursing-the-president.pdf
    • http://www.gorillawalker.com/straight-a-s-in-psychiatric-and-mental-health-nursing-straight.pdf
    • http://www.gorillawalker.com/5-spanish-dances-op-12-selections-nos-1-3-4.pdf
    • http://www.gorillawalker.com/guilin-canton-guangdong-china-guides-series.pdf
    • http://www.gorillawalker.com/rhino-hunt-boys-will-be-boys-girls-will-be-vengeful.pdf
    • http://www.gorillawalker.com/insider-s-guide-to-academic-planning.pdf
    • http://www.gorillawalker.com/the-blue-book-of-freedom-audio-cd.pdf
    • http://www.gorillawalker.com/fever-trees-of-borneo.pdf
    • http://www.gorillawalker.com/code-of-federal-regulations-title-46-shipping-pt-200-499.pdf
    • http://www.gorillawalker.com/totally-taboo-a-forbidden-love.pdf
    • http://www.gorillawalker.com/terence-the-mother-in-law-latin-and-english-edition.pdf
    • http://www.gorillawalker.com/boardwalk-gangster-the-real-lucky-luciano.pdf
    • http://www.gorillawalker.com/the-spinal-cord-injury-handbook-for-patients-and-families.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/