Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e1ae5d6fe8dc981…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2018-11-30 20:56:58 +03:00
Authoring application: Adobe InDesign CS4 (6.0.6) (via Mac OS X 10.9.1 Quartz PDFContext)
MD5: 4830f9acff6a878075ade3e6c19ec2a9
SHA-1: 1afe776a31c8fa03727962d2e44608a81713c577
SHA-256: 9e1ae5d6fe8dc981bdb15beb98d29128e6406b8560f27fd0bead6471f4d1bd4d
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs are likely used to direct users to a large collection of documents hosted on gorillawalker.com, potentially for SEO manipulation or to serve as a distribution point for further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9007

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.