Malicious PDF — malware analysis report

Static analysis result for SHA-256 ab8b998d6f683136…

MALICIOUS

PDF

Size: 42.6 KB
Created: 2019-04-10 12:10:10 +03:00
Authoring application: - (via Acrobat Distiller 5.0.5 (Windows))
MD5: 02ffc99149cbb4d2218718978b097a8f
SHA-1: 6ddf354364d00002f0f11c43ce483b3fea7f9ceb
SHA-256: ab8b998d6f6831365fd0f2684a734d7eeca8c4554f5ce49364112a07affd50fe
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and a critical heuristic for containing a large number of external links. The document body contains numerous URLs pointing to various PDF files hosted on gorillawalker.com. This suggests a link farm or SEO poisoning attack, potentially designed to distribute malware or lead users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9181

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.