Malicious PDF — malware analysis report

Static analysis result for SHA-256 af280b3b1e0c5530…

Verdict: MALICIOUS
File type: PDF
Size: 41.5 KB
Created: 2019-02-12 18:05:46 +03:00
Authoring application: Adobe InDesign CS3 (5.0) (via Adobe PDF Library 8.0)
MD5: fd8ce95c908a0b1774b50831ac03acd2
SHA-1: 3bce2c39655ec834375c52804ae347db2338f92a
SHA-256: af280b3b1e0c5530f73919b30c861bf48e96968fe3a31de6378fc0207d908c81
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious and contains a large number of embedded links to external PDF files hosted on www.gorillawalker.com. This behavior is indicative of a link farm or a distribution mechanism for further malicious content, likely aimed at SEO manipulation or driving traffic to malicious sites. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.