Malicious PDF — malware analysis report

Static analysis result for SHA-256 af141571645e310d…

Verdict: MALICIOUS
File type: PDF
Size: 43.4 KB
Created: 2018-11-14 11:30:55 +03:00
Authoring application: Adobe InDesign CS5.5 (7.5.1) (via Adobe PDF Library 9.9)
MD5: 9d6c201ee171f0ff362c10c0a0e9f749
SHA-1: 60931115223701397dc6365f190f8488a5dd21f7
SHA-256: af141571645e310d783e050a9b7d12c4aaa08a071c24dbb8f4eaa6f24aba3e6a
Risk Score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a critical heuristic for containing a mass external PDF link farm, with 32 links pointing to URLs hosted on gorillawalker.com. The ML classifier also strongly indicated maliciousness. While no scripts were extracted, the sheer volume of links suggests a malicious intent, possibly for SEO manipulation or to serve as a landing page for further exploits or phishing attempts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.