Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa6861a2bb633a1a…

MALICIOUS

PDF

Size: 39.8 KB
Created: 2018-12-14 20:22:10 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 KH-8.7.1 (via Acrobat Distiller 4.05 for Macintosh)
MD5: b433d665dbe65e85c7289ef6e342be0d
SHA-1: f94d927744e6a630fa84eff88171c3b334cd2234
SHA-256: aa6861a2bb633a1ace787e5a97547d0b9f7a9fec79270fd474c2e704aea24749
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to direct users to a large number of documents hosted on www.gorillawalker.com, potentially for SEO manipulation or to distribute other malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.