Malicious PDF — malware analysis report

Static analysis result for SHA-256 a636f4dd218e015c…

MALICIOUS

PDF

Size: 41.3 KB
Created: 2018-12-14 20:22:59 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: f98537ce49d0f133385b4fa1efd0eaa5
SHA-1: 5935a0e7397402671e4aaf2fa0880dab318cab49
SHA-256: a636f4dd218e015ca5e20f522c3a33cc8329ef5b7babaa2333036c7c128931a9
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm, likely for SEO manipulation or to distribute further malicious content, with the dominant host being www.gorillawalker.com.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.