Malicious PDF — malware analysis report

Static analysis result for SHA-256 a027289e4089b774…

MALICIOUS

PDF

  • Size: 43.3 KB
  • Created: 2018-12-15 08:53:50 +03:00
  • Authoring application: - (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: e366ec11ce80dc2fedf2a66641edfe52
  • SHA-1: a74198aed842f6c857421c15e451e38eba9cbabf
  • SHA-256: a027289e4089b7744b45eb583d12ead2ffdca805c2c1458329c15d26055ca57a
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern involves directing users to a link farm hosted on www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8683

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.