Malicious PDF — malware analysis report

Static analysis result for SHA-256 a98d3033fd728412…

MALICIOUS

PDF

Size: 33.4 KB
Created: 2020-01-16 21:25:13 +03:00
Authoring application: FrameMaker 7.1 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 0d6e02150387e6380d43c9a401ebd713
SHA-1: 1a1403df02cbd9d500279a57a787bf90e62766df
SHA-256: a98d3033fd728412fd7cb88162d5d657663d44ea0fff39d568fe81426011d84e
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various book titles hosted on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS classifier also flagged the document as malicious. The embedded URLs suggest a tactic to drive traffic or potentially distribute further malicious content disguised as legitimate documents.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.