Malicious PDF — malware analysis report

Static analysis result for SHA-256 a58ed8c0532248c1…

MALICIOUS

PDF

  • Size: 32.8 KB
  • Created: 2019-05-31 19:30:02 +03:00
  • Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: 04b8ffbafdc62971b7e23a9734aafbd6
  • SHA-1: be27bfb6e9b5e40c7274078825897221479aec1e
  • SHA-256: a58ed8c0532248c13706f9db9c5229951170a6fd2a4d34211d8b509bcd2a8931
  • Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier and contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This indicates a link farm or a distribution mechanism for potentially malicious content, likely aiming to lure users to click on these links. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.