Malicious PDF — malware analysis report

Static analysis result for SHA-256 b80a0951f79b443b…

MALICIOUS

PDF

43.5 KB
Created: 2018-12-11 20:46:54 +03:00
Authoring application: Adobe InDesign CS5 (7.0) (via Acrobat Distiller 9.5.3 (Macintosh))
MD5: 35c5d6390585d69f5e0f339ae248ae03
SHA-1: 8ca70209b403375d67cc103b3fc866d48a58ca40
SHA-256: b80a0951f79b443b53f473be7228977e6426e3223feff777d03b02cbf5880447
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic. These links point to various PDF documents on the domain 'gorillawalker.com'. The ML classifier also flagged the document as malicious. The primary attack pattern appears to be a link farm designed to manipulate search engine results or to distribute a large volume of content, potentially malicious, through a seemingly legitimate document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8223

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.