Malicious PDF — malware analysis report

Static analysis result for SHA-256 b73178d3cbf59914…

MALICIOUS

PDF

Size: 44.1 KB
Created: 2018-12-15 20:08:50 +03:00
Authoring application: - (via Acrobat Distiller 2.0 for Macintosh)
MD5: 05a86524d3f33fe9f7b9c7e3083e2723
SHA-1: 29dd477e75b2553e4a5ee8cb89f9f39204295837
SHA-256: b73178d3cbf59914b781413301c067fdf9f64f7eb1ee3cb2a65d6f3a678b524e
Risk score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment (note: in ATT&CK, T1566.002 is Phishing: Spearphishing Link; Spearphishing Attachment is T1566.001. The ID and the name as reported do not match; one of them is wrong.)
  • T1204.002 User Execution: Malicious File

The PDF was flagged as malicious by a machine learning classifier and carries 41 clickable external links, all to .pdf paths on a single host, 'www.gorillawalker.com' (one link target is truncated in the extraction). This pattern matches a generated SEO link farm or distribution carrier that routes readers toward further, potentially malicious, content rather than a document with genuine citations. No scripts were extracted, and the document body was heavily obfuscated, so the specific payload, if any, could not be characterised; the linked .pdf targets themselves fall outside this static analysis. The producer string (Acrobat Distiller 2.0 for Macintosh, a product from the mid-1990s) is inconsistent with the 2018 creation timestamp and the PDF/A namespaces in the XMP metadata, which points to generated or copied metadata rather than a genuine Distiller output.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8859

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.gorillawalker.com/beyond-the-firmament-understanding-science-and-the-theology-of-creation.pdf
    • http://www.gorillawalker.com/museums-and-galleries-of-new-york-city-insight-guide-museums.pdf
    • http://www.gorillawalker.com/hobo-stories.pdf
    • http://www.gorillawalker.com/why-grow-up-philosophy-in-transit.pdf
    • http://www.gorillawalker.com/american-map-akron-summit-portage-counties-ohio-street-atlas.pdf
    • http://www.gorillawalker.com/mangosteen-shocking-discoveries.pdf
    • http://www.gorillawalker.com/the-glenn-miller-songbook-the-canadian-brass-limited-edition-series.pdf
    • http://www.gorillawalker.com/a-companion-to-the-classical-greek-world-blackwell-companions-to.pdf
    • http://www.gorillawalker.com/quiero-tocar-la-trumpeta-i-want-to-play-the-trumpet.pdf
    • http://www.gorillawalker.com/x-minus-one-old-time-radio-classic-radio-science-fiction.pdf
    • http://www.gorillawalker.com/his-captive-mortal.pdf
    • http://www.gorillawalker.com/strategic-internal-communication-how-to-build-employee-engagement-and-performance.pdf
    • http://www.gorillawalker.com/correos-de-jes-s-para-ti-coleccion-semillas-spanish-edition.pdf
    • http://www.gorillawalker.com/scintillating-fiber-detectors-proceedings-of-the-scifi-93-workshop-notre.pdf
    • http://www.gorillawalker.com/the-agnostic.pdf
    • http://www.gorillawalker.com/new-techniques-in-thoracic-imaging.pdf
    • http://www.gorillawalker.com/a-chimpanzee-in-the-wine-cellar-kindle-edition.pdf
    • http://www.gorillawalker.com/hal-leonard-recording-method-book-4-sequencing-samples-loops-music.pdf
    • http://www.gorillawalker.com/the-regulatory-challenge.pdf
    • http://www.gorillawalker.com/governor-henry-ellis-and-the-transformation-of-british-north-america.pdf
    • http://www.gorillawalker.com/sadhus-holy-men-of-india.pdf
    • http://www.gorillawalker.com/collecting-books-on-athletics-and-the-olympic-games-a-bibliography.pdf
    • http://www.gorillawalker.com/how-commodities-trading-works-real-world-economics.pdf
    • http://www.gorillawalker.com/akeldam.pdf
    • http://www.gorillawalker.com/w-rterbuch-labor-laboratory-dictionary-deutsch-englisch-english-german-german.pdf
    • http://www.gorillawalker.com/encyclopedia-of-systems-and-control.pdf
    • http://www.gorillawalker.com/malo-s-amazing-adventures-excitement-along-the-river.pdf
    • http://www.gorillawalker.com/danse-macabre-hardcover.pdf
    • http://www.gorillawalker.com/more-caribbean-cookery-for-vegans.pdf
    • http://www.gorillawalker.com/understanding-and-treating-pathological-narcissism.pdf
    • http://www.gorillawalker.com/travels-in-turkey-asia-minor-syria-and-across-the-desert.pdf
    • http://www.gorillawalker.com/first-words-primeras-palabras-flash-cards-brighter-child-flash-cards.pdf
    • http://www.gorillawalker.com/self-publisher-s-legal-handbook-the-step-by-step-guide.pdf
    • http://www.gorillawalker.com/market-timing-and-moving-averages-an-empirical-analysis-of-performance.pdf
    • http://www.gorillawalker.com/an-introduction-to-distributed-algorithms.pdf
    • http://www.gorillawalker.com/court-of-protection-practice-2010.pdf
    • http://www.gorillawalker.com/women-writing-africa-the-northern-region-v-4.pdf
    • http://www.gorillawalker.com/hybridity-limits-transformations-prospects-suny-series-explorations-in-postcolonial-studies.pdf
    • http://www.gorillawalker.com/auditory-processing-deficits-assessment-and-intervention.pdf
    • http://www.gorillawalker.com/7-day-detox-change-your-eating-habits-for-life.pdf
    • http://www.gorillawalker.com/the-glenn-miller-songbook-the-canadian-brass-limited-edition-
    The following nine URIs are XMP/RDF namespace identifiers from the document's metadata stream (RDF, Dublin Core, XMP, PDF/A extension schemas), not clickable link targets; they do not count toward the link-farm indicator:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
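The PDF_SEO_LINK_FARM heuristic and the EMBEDDED_URL channel distinction above can be reproduced with a small scanner. The following is an added example written for this report, not the analyser's own code: it builds a constructed one-page PDF (hosts www.example.test and www.other.test are placeholders, the 38/2 link split and the size, link-count and host-share thresholds are assumptions chosen to mirror the report), separates URIs reached through /Link annotations from XMP namespace declarations, and evaluates the "small file, many external .pdf links, mostly one host" rule.

```python
"""Toy re-implementation of a PDF_SEO_LINK_FARM-style heuristic (added example).

Assumptions: thresholds, host names and the sample PDF below are constructed
for the demo and are not taken from the analysed sample.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

FARM_HOST = "www.example.test"   # stand-in for the report's single clustered host
OTHER_HOST = "www.other.test"    # a second host so the share is below 100%


def build_sample_pdf(n_farm: int = 38, n_other: int = 2) -> bytes:
    """Constructed minimal PDF: one page with n_farm + n_other /Link annotations
    plus an XMP metadata stream whose namespace URIs are NOT links.
    No xref table is written; the regex scanner below does not need one."""
    targets = [f"http://{FARM_HOST}/title-{i}.pdf" for i in range(n_farm)]
    targets += [f"http://{OTHER_HOST}/page-{i}.pdf" for i in range(n_other)]
    xmp = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"></rdf:RDF>')
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(targets)))
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + annot_refs + b"] >> endobj\n",
        b"4 0 obj << /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(xmp)
        + xmp + b"\nendstream\nendobj\n",
    ]
    for i, url in enumerate(targets):
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                    b"/A << /S /URI /URI (%s) >> >> endobj\n" % (5 + i, url.encode()))
    return b"%PDF-1.4\n" + b"".join(objs) + b"trailer << /Root 1 0 R >>\n%%EOF\n"


# Indirect objects, /URI action strings and XMP namespace declarations.
# Simplifications: escaped ')' inside a URI string is not handled, and the
# scan runs over raw bytes, so compressed objects must be inflated first.
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
XMLNS_RE = re.compile(rb'xmlns:[A-Za-z0-9_]+="([^"]+)"')


def extract_link_uris(pdf: bytes) -> list[str]:
    """URIs reached through /Link annotations (the 'link annotation' channel)."""
    found = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(1)
        if b"/Link" in body:
            found += [u.group(1).decode("latin-1") for u in URI_RE.finditer(body)]
    return found


def extract_xmp_namespaces(pdf: bytes) -> list[str]:
    """URIs that are XMP/RDF namespace identifiers, i.e. metadata, not links."""
    return [m.group(1).decode("latin-1") for m in XMLNS_RE.finditer(pdf)]


def seo_link_farm_check(pdf: bytes, max_size: int = 100_000,
                        min_pdf_links: int = 10, min_host_share: float = 0.8) -> dict:
    """Flag a small PDF whose clickable links are many external .pdf targets
    clustered on one host. Thresholds are assumptions for the demo."""
    external = [u for u in extract_link_uris(pdf)
                if urlsplit(u).scheme in ("http", "https")]
    pdf_links = [u for u in external if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in external)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(external) if external else 0.0
    return {
        "size": len(pdf),
        "external_links": len(external),
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": round(share, 2),
        "xmp_namespaces": extract_xmp_namespaces(pdf),   # reported, never counted
        "PDF_SEO_LINK_FARM": (len(pdf) <= max_size
                              and len(pdf_links) >= min_pdf_links
                              and share >= min_host_share),
    }


if __name__ == "__main__":
    for key, value in seo_link_farm_check(build_sample_pdf()).items():
        print(f"{key}: {value}")
```

On a real sample, inflate FlateDecode streams and unpack object streams before scanning (the report notes the body was heavily obfuscated, which is exactly where a raw-byte scan goes blind), and keep the XMP namespace list separate from the link count so metadata URIs never inflate the indicator.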