Malicious PDF — malware analysis report

Static analysis result for SHA-256 b3e17e6abf82a070…

MALICIOUS

PDF

Size: 45.2 KB
Created: 2018-11-26 08:22:52 +03:00
Authoring application: Adobe InDesign CS3 (5.0.3) (via Adobe PDF Library 8.0)
MD5: d90d4b01f84ee5fef5cdc05ae4ec6952
SHA-1: 1e84a8514dccfd5e57f6856a5c0125da5ec4dda6
SHA-256: b3e17e6abf82a070cd441a1090eae952c6e28ca11d0d7fd0fd0f79a32a789b43
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF files on the domain www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and does not provide clear textual lures, but the sheer volume of links suggests a non-standard purpose, likely related to SEO manipulation or distributing further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.