Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4b1fea61b221174…

Verdict: MALICIOUS
File type: PDF
Size: 45.7 KB
Created: 2018-11-26 08:30:48 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: 464e0f0548011cf640eaaa95308b62f2
SHA-1: b73ef16abd34152558e9575878b9034c9ebbcdf5
SHA-256: a4b1fea61b22117451a420ed25a40a1ae2aced6a71a23d021f36c09b4e09f00f
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on gorillawalker.com, likely for SEO manipulation or to distribute further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8634

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.gorillawalker.com/lifeline-of-the-confederacy-blockade-running-during-the-civil-war.pdf
    • http://www.gorillawalker.com/lovecraft-la-antologia-antologias-spanish-edition.pdf
    • http://www.gorillawalker.com/six-irish-poets-austin-clarke-richard-kell-thomas-kinsella-john.pdf
    • http://www.gorillawalker.com/auto-transmission-and-transaxle.pdf
    • http://www.gorillawalker.com/season-of-strangers.pdf
    • http://www.gorillawalker.com/standardized-work-and-standard-operating-procedures-a-solid-base-for.pdf
    • http://www.gorillawalker.com/dosage-calculations-a-ratio-proportion-approach.pdf
    • http://www.gorillawalker.com/legislacion-sobre-construccion-legislation-about-construction-normas-administrativas-laborales-y.pdf
    • http://www.gorillawalker.com/the-doctor-s-bride-heartsong-presents.pdf
    • http://www.gorillawalker.com/the-swingers-club-boxed-set-all-eight-cuckoldry-and-swinging.pdf
    • http://www.gorillawalker.com/riots-and-political-protest-digital.pdf
    • http://www.gorillawalker.com/the-lives-between-us.pdf
    • http://www.gorillawalker.com/my-own-human-body.pdf
    • http://www.gorillawalker.com/the-fourteenth-mental-measurements-yearbook-buros-mental-measurements-yearbook.pdf
    • http://www.gorillawalker.com/to-dakar-and-back-21-days-across-north-africa-by.pdf
    • http://www.gorillawalker.com/hydraulics-and-hydrology-for-stormwater-management.pdf
    • http://www.gorillawalker.com/veterinary-parasitology-reference-manual-5th-edition.pdf
    • http://www.gorillawalker.com/dork-diaries-8-tales-from-a-not-so-happily-ever.pdf
    • http://www.gorillawalker.com/analysis-and-design-of-analog-integrated-circuits-5th-edition.pdf
    • http://www.gorillawalker.com/yearning-a-first-to-dance-prequel-kindle-edition.pdf
    • http://www.gorillawalker.com/the-resonance-of-a-small-voice-william-walton-and-the.pdf
    • http://www.gorillawalker.com/the-party-line-how-the-media-dictates-public-opinion-in.pdf
    • http://www.gorillawalker.com/street-finder-orlando-and-vicinity-florida-rand-mcnally-streetfinder.pdf
    • http://www.gorillawalker.com/daily-word-problems-grade-3.pdf
    • http://www.gorillawalker.com/sri-lanka-tax-guide.pdf
    • http://www.gorillawalker.com/dante-poet-of-the-impossible-ideas.pdf
    • http://www.gorillawalker.com/end-of-days.pdf
    • http://www.gorillawalker.com/the-harmony-of-the-four-evangelists-volume-1.pdf
    • http://www.gorillawalker.com/senior-desk-atlas-kagiso-junior-senior-desk-atlas.pdf
    • http://www.gorillawalker.com/the-black-jacobins-toussaint-l-ouverture-and-the-san-domingo.pdf
    • http://www.gorillawalker.com/elemente-der-angewandten-elektronik-kompendium-f-r-ausbildung-und-beruf.pdf
    • http://www.gorillawalker.com/jet-to-japan-asian-girl-interracial-erotica.pdf
    • http://www.gorillawalker.com/billionaire-fantasies-rich-dominant-erotic-romance-collection.pdf
    • http://www.gorillawalker.com/lee-lozano-dropout-piece-afterall.pdf
    • http://www.gorillawalker.com/design-for-six-sigma-idov-methodology-kindle-edition.pdf
    • http://www.gorillawalker.com/fat-burning-snack-recipes-healthy-and-guilt-free-fat-burning.pdf
    • http://www.gorillawalker.com/the-internet-for-everyone-a-guide-for-users-and-providers.pdf
    • http://www.gorillawalker.com/sierra-nevada-natural-history-california-natural-history-guides.pdf
    • http://www.gorillawalker.com/contemporary-engineering-economics-5th-edition.pdf
    • http://www.gorillawalker.com/markham-in-peru-the-travels-of-clements-r-markham-1852.pdf
    • http://www.gorillawalker.com/standardized-work-and-standard-operating
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/