Malicious PDF — malware analysis report

Static analysis result for SHA-256 b43bc0a352ed036f…

Verdict: MALICIOUS
File type: PDF
Size: 43.1 KB
Created: 2018-11-14 11:20:23 +03:00
Authoring application: pdftk 1.44 - www.pdftk.com (via itext-paulo-155 (itextpdf.sf.net-lowagie.com))
MD5: eb0e5798652e8df38fda5ecce13da47a
SHA-1: 04c4b03f59016aef9d17a6cc47e26352e90cfbdd
SHA-256: b43bc0a352ed036fe3ed11c6b6a3b22ca25bdb4798b3ff6b1c2b656edb2addda
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links pointing to external PDF files, primarily hosted on www.gorillawalker.com. This heuristic firing suggests a link farm or a method to distribute further malicious content. The ML classifier also flagged this PDF as malicious. No scripts were extracted, and the document body was not parsable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8698

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.