Malicious PDF — malware analysis report

Static analysis result for SHA-256 adb707cf23e94917…

MALICIOUS

PDF

Size: 47.0 KB
Created: 2019-04-03 18:18:51 +03:00
Authoring application: Adobe InDesign CS6 (Macintosh) (via Acrobat Distiller 10.1.12 (Macintosh))
MD5: d524718044d63f378352a650540837b1
SHA-1: 82b700e7755436e9737c51a4e8274fa3ff327a9d
SHA-256: adb707cf23e9491749364e2a43d12f106a005cf74366f1db5aba76aaa431b4e7
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the domain www.gorillawalker.com. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or distribute additional malicious content via these linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8518

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.