Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2b95e22b01b6de7…

Verdict: MALICIOUS
File type: PDF
Size: 43.7 KB
Created: 2019-03-30 15:46:51 +03:00
Authoring application: FrameMaker 12.0.2 (via Acrobat Distiller 11.0 (Windows))
MD5: ab66f8f633449bb4b08f2b7f03b8a820
SHA-1: 7baa04642776e889923f677f289f8bb6be55bb97
SHA-256: a2b95e22b01b6de7bd30bdcb9c152ad48ae868e4cdd69ebe1238501e9a6758fd
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF documents on the gorillawalker.com domain. This suggests a link farm or distribution mechanism for potentially malicious content, rather than a legitimate document. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.