Malicious PDF — malware analysis report

Static analysis result for SHA-256 a37357c14dcf5d3a…

MALICIOUS

PDF

File size: 42.4 KB
Created: 2019-03-17 10:08:05 +03:00
Authoring application: Adobe InDesign CC (Macintosh) (via Adobe PDF Library 11.0)
MD5: 4f4c9495df4ea6e53771ba6e9449185b
SHA-1: d43cb824cfa66cfb4c76620b4d8b01f57c59e0b5
SHA-256: a37357c14dcf5d3a95022ea8db916c6c261f4a6b4e9b42c0224f5bc28f679871
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links to other PDF files hosted on the same domain. This pattern is often used for SEO manipulation or to distribute a variety of malicious documents. The document body contains numerous URLs pointing to PDFs on www.gorillawalker.com, suggesting a link farm or content distribution strategy.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8591

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.