Malicious PDF — malware analysis report

Static analysis result for SHA-256 a396a1a1b15d6e3e…

Verdict: MALICIOUS
File type: PDF
Size: 45.3 KB
Created: 2018-11-14 11:19:48 +03:00
Authoring application: Data Dynamics ActiveReports (tm) for .NET
MD5: e109b1e45e41fdf64637916b6a804d33
SHA-1: aaa1bcbf67ff221343442c29882f58e624ec1bd6
SHA-256: a396a1a1b15d6e3e4ba3a5860a3d55e514a77927a7fd65843ce87d4ff80a4712
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external URLs, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary function appears to be directing users to a vast collection of other PDF files hosted on www.gorillawalker.com, suggesting a link farm or SEO poisoning attack. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/backcountry.pdf
    • http://www.gorillawalker.com/healing-ancestral-karma-free-yourself-from-unhealthy-family-patterns-kindle.pdf
    • http://www.gorillawalker.com/journal-of-construction-engineering-and-management-vol-111-no-3.pdf
    • http://www.gorillawalker.com/near-and-distant-neighbors-a-new-history-of-soviet-intelligence.pdf
    • http://www.gorillawalker.com/marmalade-classic-recipes-for-the-ultimate-home-made-preserve.pdf
    • http://www.gorillawalker.com/30-minuten-bewerben-mit-profil-german-edition.pdf
    • http://www.gorillawalker.com/remarks-on-the-foundations-of-mathematics.pdf
    • http://www.gorillawalker.com/the-big-fellow.pdf
    • http://www.gorillawalker.com/101-investment-lessons-from-the-wizards-of-wall-street-the.pdf
    • http://www.gorillawalker.com/insurance-in-private-international-law-a-european-perspective-ha3013-pd.pdf
    • http://www.gorillawalker.com/injunctions.pdf
    • http://www.gorillawalker.com/animal-babies-in-rainforests.pdf
    • http://www.gorillawalker.com/if-looks-could-kill-money-marriage-adultery-and-murder.pdf
    • http://www.gorillawalker.com/workouts-with-weights-simple-routines-you-can-do-at-home.pdf
    • http://www.gorillawalker.com/all-about-cheetahs-mthpl-fact-books-volume-2-paperback.pdf
    • http://www.gorillawalker.com/the-wheels-of-commerce-civilization-and-capitalism-15th-18th-century.pdf
    • http://www.gorillawalker.com/the-art-of-shapeshifting.pdf
    • http://www.gorillawalker.com/twentieth-century-watercolors.pdf
    • http://www.gorillawalker.com/chemistry-and-physics-for-nurse-anesthesia-a-student-centered-approach.pdf
    • http://www.gorillawalker.com/fearproof-your-life-how-to-thrive-in-a-world-addicted.pdf
    • http://www.gorillawalker.com/the-book-of-tea-classics-retold-to-be-read-not.pdf
    • http://www.gorillawalker.com/radikale-theologie-forum-theologische-literaturzeitung-german-edition.pdf
    • http://www.gorillawalker.com/the-power-of-corporate-communication-crafting-the-voice-and-image.pdf
    • http://www.gorillawalker.com/field-work-modern-poems-from-eastern-forests.pdf
    • http://www.gorillawalker.com/word-formation-in-the-roman-sermo-plebeius-an-historical-study.pdf
    • http://www.gorillawalker.com/bridges-over-water-understanding-transboundary-water-conflict-negotiation-and-cooperation.pdf
    • http://www.gorillawalker.com/the-saxophone-handbook-complete-guide-to-tone-technique-performance-maintenance.pdf
    • http://www.gorillawalker.com/a-world-of-rings.pdf
    • http://www.gorillawalker.com/justinguitar-com-ukulele-songbook.pdf
    • http://www.gorillawalker.com/medieval-islamic-historiography-remembering-rebellion.pdf
    • http://www.gorillawalker.com/medieval-and-early-modern-performance-in-the-eastern-mediterranean-late.pdf
    • http://www.gorillawalker.com/donkey-poker-crushing-low-stakes-live-no-limit-hold-em.pdf
    • http://www.gorillawalker.com/the-divided-kingdoms-kindle-edition.pdf
    • http://www.gorillawalker.com/selling-the-invisible-a-field-guide-to-modern-marketing.pdf
    • http://www.gorillawalker.com/robotics-in-genitourinary-surgery.pdf
    • http://www.gorillawalker.com/my-first-dictionary-four-thousand-words-and-meanings-for-young.pdf
    • http://www.gorillawalker.com/top-10-vancouver-victoria-eyewitness-top-10-travel-guides-kindle.pdf
    • http://www.gorillawalker.com/ashes-2011-england-s-record-breaking-series-victory.pdf
    • http://www.gorillawalker.com/the-secret-history-of-chiropractic-d-d-palmer-s-spiritual.pdf
    • http://www.gorillawalker.com/laboratory-safety-for-chemistry-students.pdf
    • http://www.gorillawalker.com/30-minuten-bewerben-mit-profi
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/