Malicious PDF — malware analysis report

Static analysis result for SHA-256 97320e06ecd8d078…

Verdict: MALICIOUS

File type: PDF

Size: 44.7 KB
Created: 2018-12-15 08:35:36 +03:00
Authoring application: Arbortext 5.4 (via PDFlib+PDI 7.0.4 (Win32))
MD5: 7c34a0c7a3b6bbf3207aea66c9405765
SHA-1: 0244c89b10b9a4388f889dc741b7c6cda696dd58
SHA-256: 97320e06ecd8d078330da0325a7adac921836ae8b11e743e33940c0ffd763140
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 (Spearphishing Attachment)

The PDF contains a large number of embedded links to external PDF files, a technique often used for SEO manipulation or to distribute malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8683

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.gorillawalker.com/beatmungsformen-zak-1989-anaesthesiologie-und-intensivmedizin-anaesthesiology-and-intensive-care.pdf
    • http://www.gorillawalker.com/a-little-bit-of-golfing-wit-little-bit-of-summersdale.pdf
    • http://www.gorillawalker.com/pregos-bem-fixados-portuguese-edition.pdf
    • http://www.gorillawalker.com/house-guests-house-pests-a-natural-history-of-animals-in.pdf
    • http://www.gorillawalker.com/crazy-english-pre-intermediate-intermediate.pdf
    • http://www.gorillawalker.com/philosophical-genealogy-volume-ii-an-epistemological-reconstruction-of-nietzsche-and.pdf
    • http://www.gorillawalker.com/e1-organisational-management-cima-exam-practice-kit.pdf
    • http://www.gorillawalker.com/lapidary-journal-for-gem-cutters-collectors-and-jewelers-vol-52.pdf
    • http://www.gorillawalker.com/a-new-forum-for-security-solid-security-has-been-part.pdf
    • http://www.gorillawalker.com/the-invisible-a-ryan-kealey-thriller.pdf
    • http://www.gorillawalker.com/jade-remedies-a-chinese-herbal-reference-for-the-west-vol.pdf
    • http://www.gorillawalker.com/8-for-the-years-battling-brain-cancer-do-not-forget.pdf
    • http://www.gorillawalker.com/junior-worldmark-encyclopedia-of-the-mexican-states-gale-non-series.pdf
    • http://www.gorillawalker.com/sorted-the-good-psychopath-s-guide-to-bossing-your-life.pdf
    • http://www.gorillawalker.com/christmas-eve-scribble-sing.pdf
    • http://www.gorillawalker.com/patent-prosecution-7th-edition.pdf
    • http://www.gorillawalker.com/port-hope-simpson-off-the-beaten-path-newfoundland-and-labrador.pdf
    • http://www.gorillawalker.com/the-collected-works-of-theodore-parker-volume-3-discourses-of.pdf
    • http://www.gorillawalker.com/fodor-s-peru-with-machu-picchu-the-inca-trail-full.pdf
    • http://www.gorillawalker.com/tales-from-the-cherokee-hills.pdf
    • http://www.gorillawalker.com/ap-ros-d-natoires-la-cerise-sur-le-g-teau.pdf
    • http://www.gorillawalker.com/puppy-gets-stuck-mp3-audio-unabridged-digital.pdf
    • http://www.gorillawalker.com/introductory-digital-image-processing-a-remote-sensing-perspective-4th-edition.pdf
    • http://www.gorillawalker.com/esoteric-cosmology-kindle-edition.pdf
    • http://www.gorillawalker.com/birds-nests-eggs-take-along-guides.pdf
    • http://www.gorillawalker.com/juices-smoothies-and-shakes-mini-cookbook-series.pdf
    • http://www.gorillawalker.com/russian-foreign-policy-the-return-of-great-power-politics.pdf
    • http://www.gorillawalker.com/los-tuneles-de-la-mente-biblioteca-de-bolsillo-spanish-edition.pdf
    • http://www.gorillawalker.com/rafting-on-the-alleghany-and-ohio-1844-the-pennsylvania-magazine.pdf
    • http://www.gorillawalker.com/letters-to-her-soldier.pdf
    • http://www.gorillawalker.com/promoting-a-global-community-through-multicultural-children-s-literature-through.pdf
    • http://www.gorillawalker.com/dealing-with-difficult-people-in-a-week.pdf
    • http://www.gorillawalker.com/amy-winehouse-the-biography-1983-2011-paperback-common.pdf
    • http://www.gorillawalker.com/mussolini-s-roman-empire.pdf
    • http://www.gorillawalker.com/various-piano-works-including-complete-bagatelles-kalmus-edition.pdf
    • http://www.gorillawalker.com/21st-century-adult-cancer-sourcebook-chronic-myeloproliferative-disorders-chronic-myelogenous.pdf
    • http://www.gorillawalker.com/tarascon-emergency-department-quick-reference-guide.pdf
    • http://www.gorillawalker.com/hepatitis-a-now-what-kindle-edition.pdf
    • http://www.gorillawalker.com/meditation-and-contemplation-an-ignatian-guide-to-praying-with-scripture.pdf
    • http://www.gorillawalker.com/path-of-peace-advent-sunday-2-bulletin-2015-large-pkg.pdf
    • http://www.gorillawalker.com/e1-organisational-management-cim
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/