Malicious PDF — malware analysis report

Static analysis result for SHA-256 b729ca0b9be88716…

MALICIOUS

PDF

Size: 34.0 KB
Created: 2020-01-17 19:20:07 +03:00
Authoring application: FrameMaker 12.0.4 (via Acrobat Distiller 11.0 (Windows))
MD5: 4ec300146d586ff3c2dd06d04db152ab
SHA-1: e18fa53fb0a600516deb77ecbf7e60262bc63d9d
SHA-256: b729ca0b9be88716bf5d863b5835780c78f91e0f1ff9afff30a467cb4ca932a2
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded external links, as indicated by the PDF_SEO_LINK_FARM heuristic. These links all point to PDFs hosted on www.gorillawalker.com. The ML_NYX_PDF_MALICIOUS heuristic also flagged the document as malicious. The document body is heavily obfuscated and gives no clear textual clues, but the sheer volume of links suggests malicious intent, likely related to SEO manipulation or to distributing further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.8313)

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.