Malicious PDF — malware analysis report

Static analysis result for SHA-256 9a011b41c21d044e…

MALICIOUS

PDF

44.0 KB
Created: 2018-11-26 21:55:30 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Adobe PDF Library 9.0)
MD5: de61a84dd0d21ae1026c626fe8e96e56
SHA-1: 9f2475f3f932ccfbe52d9c695cde779dcc6af84e
SHA-256: 9a011b41c21d044e499c514f23b0b3cd216bf3a0916b92a3e15f181fe75ef433
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier as malicious and contains a large number of external links, indicating a link farm or SEO poisoning attempt. The embedded URLs point to various PDF documents hosted on gorillawalker.com, suggesting a coordinated effort to distribute content or lure users to specific sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.