Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac63da8b5875cff9…

MALICIOUS

PDF

Size: 48.4 KB
Created: 2018-11-15 02:40:25 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5.1) (via Adobe PDF Library 9.9)
MD5: 98c93bf29920a8576a419292e80d9caa
SHA-1: 9de59e8d46ffa913ce921fe126b05b9889424472
SHA-256: ac63da8b5875cff91ad5cf0c9dfc680ccea57bcd531a27e6db53d9bfe955ba05
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of embedded links pointing to external PDF documents on the domain 'gorillawalker.com'. This behavior is indicative of a PDF SEO link farm, a technique often used to manipulate search engine rankings or to distribute malicious payloads disguised as legitimate documents. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8509

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.