Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1e8a0502d3f2911…

MALICIOUS

PDF

Size: 40.8 KB
Created: 2019-03-17 07:10:56 +03:00
Authoring application: QuarkXPress: pictwpstops filter 1.0 (via Acrobat Distiller 6.0 for Macintosh)
MD5: 569d0de96cf52c724caeb96691d192b1
SHA-1: 0f2c0eb4e49fccbd9a8b7d29f5df8f225470f71e
SHA-256: a1e8a0502d3f291187419bdd81853f5e1400bdc237d615563b59670582301eea
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded links to external PDF documents, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com, potentially for SEO manipulation or to host malicious content disguised as legitimate files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.